[Samba] Problems with Samba <=> CUPS and Samba <=> Windows

[Manuel Graumann]

There are two problems I have with Samba

My system: Suse Linux, Kernel version 2.6.12.5, Samba version
3.0.20-0.1-SUSE

1st problem: If I put my outlook.pst on my Samba server and tell my Outlook
to use the network path to it, it screws up after some weeks. The file is
about 240 MB large but I don't think that does matter. I don't have any
other files having problems.

I already tried to disable kernel oplocks and to map the path to a local
drive but it didn't help. What can I do?

2nd problem: I use CUPS with Samba. If I try to cancel my printjobs via
Windows spooler, it comes up with an "access denied" notice. Looking into
the error log it reads: cancel_job: "anonymous" not authorized to delete job
id 156004 owned by "M-Y-U-S-E-R-N-A-M-E"!

What is wrong? My jobs get my username on it, but my cancel commands don't?

I'd appreciate any useful help :)

Thx in advance

Manuel

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: getpeername failed. Error was Transport endpoint is notconnected

[Andrew Bartlett]

On Thu, 2005-10-27 at 02:29 +0200, Andreas Bauer wrote:
> I got some other logs for my problem.
> Hope somebody can use them:
> 
> 
> Oct 27 01:51:57 linuxamd64 smbd[6686]: [2005/10/27 01:51:57, 0] 
> lib/util_sock.c:get_peer_addr(1150)
> Oct 27 01:51:57 linuxamd64 smbd[6686]:   getpeername failed. Error was 
> Transport endpoint is not connected

The client (XP) makes two connections to the server, one 1ms after the
other.  The second one to be accepted is then dropped.  Or perhaps you
just had a client suddenly reboot, or a number of other things. 

This is normal, we really should push it down to debug 2...

> Oct 27 01:37:55 linuxamd64 kernel: end_request: I/O error, dev fd0, sector 0

Put a floppy in the drive :-)

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba 3.0.14 PDC and Windows 2003 TS

[Manuel Erber]

I have a problem with Windows 2003 TS. The TS loses the connection to
the Samba PDC. After a few minutes later, it find it for a few minutes.
An other one Win2003TS has non problem like this.


Could anybody help me??? 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Overloaded samba server. Is it a bug?

[Martin Scandroli]

Experts,

We've just migrated from samba 2.2.8a to samba 3.0.20b in a very large
corporate environment. Everything was really fine in our lab, but we
began
experiment serious load problems on the productive servers the morning
after
the procedure took place. I'll try (briefly) to describe the
characteristics
of the scenario:

Resources:

Old Environment:

Hardware:
Dell PowerEdge 2650
Intel Xeon Processor
2 GB Ram
Raid 5 (via perc raid controller) on 10k scsi disks
Software:
SuSE Linux Enterprise Server 8
Samba 2.2.8a Servers
cups printing service
openldap2 as backend (with replicas all over the country,
about 3000 objects in the tree)
HeartBeat as high availability Service

Everything was charming here!!


New Environment

Hardware:
Dell PowerEdge 2850 Servers
2 Intel Xeon 3.2 GHz (HT i think... i see 4 of them)
Processors
4 GB Ram
Raid 5 (via Perc raid controller) on 15k scsi disks

Software
SuSE Linux Enterprise Server 9
Samba 3.0.20b Servers
cups printing service
Novell eDirectory 8.7.3.4 as backend (Very distributed too,
about 4000 objects in the tree)
HeartBeat as high availability Service
drbd to keep samba configuracion replicated among the cluster
nodes.

Problems we're having (or had, just as a usefull comment):

eDirectory turned out to be much slower than openldap2 when responding
to nss_ldap queries (i mean about 7 or 8 times slower) so
queries
asking for members of large groups (i.e: groups with about 1500 users
and
above) were usually terminated with an RPC timeout

Everything started to work when we added the ldapsam:trusted=yes
parameter. It dramatically reduced the response times and affected
queries
began to work.
The implementation of this feature produced some other problems (we've
found workarrounds but i'll comment them just to provide some feedback).

1) The samba server used to die seconds after it was started. 
Something about the nobody user and it's primary group prevented it from
working in a proper manner. We solved this inconvinient by adding de
user
nobody and it's corresponding primary group to the backend.
2) Root user was no longer recognized, (we still trying to figure out
why, the user's been added to the tree, but nothing changed) so we used
the
new role based administration provided by samba 3 as a workarround 
(SeMachinAccount...), and no more troubles about it.



3)THIS ISSUE IS KILLING US!!!

Something happens in a determined moment of the day (rush hour).
Everything is running smoothly (0.3 - 0.4 of load average) when the load
start to grow indefinitely!!. It raises from 0.3 to 50 in a matter
of
seconds!, and it keeps growing till the server dies. We couldn't find
the
reason of this, but it happens in a two hors interval. Before and after
this
interval, there are no errors of any kind.

I'll paste some log errors (just the ones i saw). I don't think 
they're the cause of our problems, buy you're the experts.

Any clue? do you need me to gather some kind of information? any DoS
bug reported for this samba version?

Any help will be highly appreciated

Regards, 
Martin

--

from /var/log/messages

Oct 25 04:34:15 srvsmb01 smbd[2961]: [2005/10/25 04:34:15, 0] 
lib/util_sock.c:send_smb(762)
Oct 25 04:34:15 srvsmb01 smbd[2961]:   Error writing 4 bytes to 
client. -1. (Connection reset by peer)
Oct 25 04:40:36 srvsmb01 smbd[2983]: [2005/10/25 04:40:36, 0] 
lib/util_sock.c:get_peer_addr(1222)
Oct 25 04:40:36 srvsmb01 smbd[2983]: getpeername failed. Error was
Transport endpoint is not connected
Oct 25 04:40:36 srvsmb01 smbd[2983]: [2005/10/25 04:40:36, 0] 
lib/util_sock.c:write_data(554)
Oct 25 04:40:36 srvsmb01 smbd[2983]: write_data: write failure in
writing to client 167.252.104.98. Error Connection reset
by peer

(this happens very often)

From /var/log/samba/log.nmbd

tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
is already open in this process
[2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
is already open in this process
[2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
is already open in this process
[2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
is already open in this process
[2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
is already open in this process
[2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
tdb(unnamed): tdb_open_ex: /var/lib

Re: [Samba] When trying to Samba (SMBD) it says "not found"

[Matthew Easton]

On Oct 26, 2005, at 4:32 PM, Edouard Ades wrote:


Hi All,


I tried to start the samba service (Smbd) but it tells me "Not  
found" no error number or permission denied.

There was no update made on the box.  I logged on as root
I went to good directory, usr/local/samba/sbin/
and typed smbd   and I got

ksh:  smbd : Not found

If I enter LS under the sbin directory, the smbd is there.
Also, if I enter LS -e le (to see the executable) it returns me  smbd

I even made a search by enteringfind / -name smbd  
2> /dev/null
and when the result came up it showed me the good path which is usr/ 
local/samba/sbin/


and presumably the command "which smbd" also returns /usr/local/samba/ 
sbin/


Try typing "/usr/local/samba/sbin/smbd" (no quotes when you type it)   
from your home directory, or if you go to /usr/local/samba.sbin/ then  
try "./smbd" (again, no quotes).  The dot-slash means, essentially,  
"right here, in this directory"


I suppose you can have smbd failing to start if you have a bad  
configuration file, or incorrect permission, although in my  
experience samba comes with a default that at least launches.


Ultimately you'll want an init file that launches samba when you boot  
up.  Something in /etc/init.d or /etc/rc.d  (depends on what your  
operating system is.)



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Possible Samba Memory Leak

[Jeremy Allison]

On Wed, Oct 26, 2005 at 10:41:30AM +0100, Stephen Borrill wrote:
> On Mon, 4 Jul 2005, Jeremy Allison wrote:
> >On Wed, Jun 29, 2005 at 08:19:18AM -0400, Anthony Russello wrote:
> >>
> >>Hi Jeremy,
> >>
> >>The same issue occurs when running samba 3.0.14a fresh
> >>from samba.org.
> >
> >As you're doing this on an embedded system as I recall you
> >might want to cut down on the stat cache (which can grow
> >unlimited on normal systems). To turn it off set :
> >
> >stat cache = False
> >
> >To limit the size set :
> >
> >max stat cache size = XX
> >
> >(where XX is in 1k units).
> 
> We have a similar problem at one site using a Fox Pro database. The sizes 
> of the smbd processes continually increases until the server runs out of 
> swap (3.0.14). We've mitigated this a little by getting them to all log 
> off overnight and also restarting samba at 8am, but by mid-afternoon the 
> problem usually re-occurs. The processes get up to 200MB or so if left 
> unchecked. We've been running with "stat cache = no" for a while which has 
> made no difference. The DBF files being used by the database (it uses some 
> nasty file locking to spoof up a multi-user db) are up to around 90MB in 
> size.
> 
> I cannot be certain, but I believe this problem has only recently started 
> happening (perhaps with an upgrade from 3.0.10 to 3.0.14?).
> 
> Is there anything I can tweak?

As it's growing can you try doing 

smbcontrol  pool-usage

to get smbd to dump out it's talloc pools. Keep doing it,
if one of them grows this may be a clue.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba without netbios

[William Burns]

John H Terpstra wrote:


OK - I'll try to answer this.

Originally Windows networking used only NetBIOS over TCP/IP.
 


.

Now, please send me documentation updates as your contribution to help others 
like yourself from getting sucked into the same whirlpool.
 


Um, Ok. I hope you don't end up regretting the request.
I tried cram in everything I've run across..
If it holds up to scrutiny, I can look for ways to integrate this into 
the current docs.




SAMBA, naming services, "NetBIOS-over TCP/IP", and the potential for 
NetBIOS-less SMB protocol.


NetBIOS-over-TCP/IP means different things to different people.
Much trouble results from confusing the original NetBEUI a.k.a. 
NetBIOS-over-LLC, w/ the emulated NetBIOS-over-TCP/IP, and the latest 
non-NetBIOS use of SMB that has large dependencies on either 
undocumented, or poorly documented naming services that (as of this pre 
SAMBA-4 writing) can only be provided by a MS-AD-Domain.


In the early days of ethernet standards, NetBIOS (like many early 
sibling protocols to TCP/IP) was implemented over an ethernet frame type 
called 802.2, or "LLC". In this form, NetBIOS was referred to as NetBEUI.
SMB file sharing was implemented on top of NetBIOS, providing the 
now-common UNC "\\server\sharename" syntax used by microsoft today.
Meanwhile, TCP/IP developed. IPv4 came w/ routing features and was 
deployed on top of the "ethernet II" frame type.

TCP (like NetBIOS) provided the concept of a session, but NetBIOS sessions
http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/netbios/netbios_3qjy.asp
are established from and to "calling" and "called" NetBIOS names, while 
TCP sessions are established between IP addresses.
(unlike NetBIOS, most TCP/IP protocols are unaware of, or do not need to 
be aware of, the actual names of the client and server on each end of a 
session)


In the era of Win'NT 3.5.1, Microsoft implemented a TCP/IP stack,  
NT-Domains, and included an SMB file server.
Since their SMB implementation depended on NetBIOS, Microsoft emulated a 
NetBIOS network over TCP/IP.
NetBIOS naming traffic was sent over ports 137, and 138.  SMB traffic 
was sent over virtual NetBIOS sessions, over a TCP session on port 139.


Other networking companies were adapting the SMB protocol in the same 
way, and SAMBA was designed to work w/ one of their products.
It is this NetBIOS-naming (performed by nmbd) on ports 137/138, and 
SMB-over-NetBIOS-session-over-TCP-session on port 139 that today allows 
SAMBA to interoperate w/ Win'NT4, and Win'9x, as well as Win'XP, and 
Win'200x.


By default, Win'95 uses the same emulated NetBIOS-over-TCP/IP scheme as 
NT 3.5.1.
Win'95 can either broadcast NetBIOS-over-TCP/IP packets, to reach every 
machine in it's NT-domain/workgroup.
or send unicast NetBIOS-over-TCP/IP packets to a WINS server, defined in 
the client's network properties.
Turning off the Win'95 "NetBIOS-over-TCP/IP" feature causes it to revert 
to NetBIOS over LLC, which does not work w/ SAMBA. (smbd supports 
NetBIOS-over-TCP -only on port 139)
In Win'95, turning off this feature does NOT get rid of NetBIOS, it 
detaches  your NetBIOS-based UNC shares from access to TCP/IP, which is 
probably the opposite of what you intended.


"Browsing" the network opens (small) can of worms.
In the windows-GUI world, simply typing a UNC name in order to access a 
server or share isn't good enough.
You "browse" through the list of computers available to you in your 
network neighborhood.
Hopefully, your local master browser's list of cached server names is up 
to date. (If the "weather" is good in your network neighborhood)
Your client will display this browse-list of server names, organizing it 
by workgroup/NT-domain.
In the world of NetBIOS networks, it makes perfect sense to open a 
NetBIOS session (port 139) to your local-master-browser(s), or your WINS 
server, so that you can pull down a large list of available computer names.
In the world of SAMBA, the samba-naming-daemon (nmbd) listens on ports 
137 and 138, while the smb server (smbd) listens on port 139, the 
"session" port. Of course, your SMB share is the *only* thing that might 
require a session, right? wrong.
In those situations where your samba server is acting as a master 
browser, it has to accept the "browse" connection on port 139, and 
help-out nmbd by providing the "name service" function of listing all 
the names in  nmbd's NetBIOS naming cache.
How can you use NetBIOS to "browse" over to some other network of SMB 
servers?
You can't. w/ NetBIOS, your GUI client shows you every NT-domain it can 
find. If you need to access a machine that's not listed because it's on 
a non-local network, you'll have to type the UNC.


Note:
{If you're fine w/ typing in UNC names, you might wonder what a local 
master browser does for you, and why they bother holding elections for one.
I mean, if all NetBIOS naming info is available from a local master 
browser, why does Win'XP keep 

Re: [Samba] 3.0.20b and Heimdal

[Jeremy Allison]

On Thu, Oct 27, 2005 at 10:31:58AM +1000, Andrew Bartlett wrote:
> On Mon, 2005-10-24 at 12:40 -0700, Jeremy Allison wrote:
> > On Mon, Oct 24, 2005 at 03:35:41PM -0400, William Jojo wrote:
> > > 
> > > Has anyone been able to get Heimdal 0.7.1 with Samba 3.0.20b to compile 
> > > successfully without commenting out the __cplusplus stuff in 
> > > include/includes.h? If I comment it out, it's fine on FC3. The Heimdal 
> > > people are using "private" as a structure member name, so I know it's a 
> > > Heimdal problem :-).
> > 
> > I think you need to remove the __cplusplus change in Samba3 to make
> > things compile.
> 
> Should we make this only for --enable-developer, given we don't control
> what may be in system headers?

No. System headers that include C++ keywords are broken.
I'd rather make that explicit.

Jeremy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How does Samba handle unexpected disconnects?

[Andrew Bartlett]

On Wed, 2005-10-26 at 09:39 -0400, Paul Griffith wrote:
> Greetings,
> 
> I have been looking for infomation on how Samba handle rude
> disconnects. Here is the test
> 
> #1 - Login to Samba hosted Domain
> #2 - Turn off the computer; Turn the computer back on
> #3 - goto to step #1 and repeat
> 
> Now at some point my login should fail...right?

It shouldn't.

> If I try the above steps, after the 5-6th power off I get ''
> Domain not found!

That's odd.  Do you have a network trace?

> Questions
> 
> Does Samba kill the connection after the dead time has been reached
> assuming deadtime has been set?

Yes, but if you have rebooted the client then the OS may get to it
first.

> Does the OS timeout the TCP connnection and kill the connection ?
> 
> Do these zombie connections limit or effect new connections?

The only effect these connections have is that they may still hold
locks, and we have been chasing some behaviour issues where a client
that is still live reconnects, but the old connection has the locks.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20b and Heimdal

[Andrew Bartlett]

On Mon, 2005-10-24 at 12:40 -0700, Jeremy Allison wrote:
> On Mon, Oct 24, 2005 at 03:35:41PM -0400, William Jojo wrote:
> > 
> > Has anyone been able to get Heimdal 0.7.1 with Samba 3.0.20b to compile 
> > successfully without commenting out the __cplusplus stuff in 
> > include/includes.h? If I comment it out, it's fine on FC3. The Heimdal 
> > people are using "private" as a structure member name, so I know it's a 
> > Heimdal problem :-).
> 
> I think you need to remove the __cplusplus change in Samba3 to make
> things compile.

Should we make this only for --enable-developer, given we don't control
what may be in system headers?

> > Also, should one be using Heimdal or MIT krb for use in 3.x? 
> > I see much talk of Heimdal in Samba 4 and wondering where I should be 
> > concentraing my education now and in the future. :-)

In terms of 'user experience', the administrator shouldn't see either
the MIT or Heimdal administration tools, and we are a fair way off from
even relying on system libs (so installing the right thing won't be a
concern).  As such, you won't see very much of either, except if you
start looking carefully at the code.

> Samba4 has integrated Heimdal as their KDC as the architecture
> is vastly easier to integrate than the MIT codebase (having
> the Heimdal author help with this also hasn't hurt :-).

It does make my life easier :-)

Andrew Bartlett
-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: getpeername failed. Error was Transport endpoint is notconnected

[Andreas Bauer]

I got some other logs for my problem.
Hope somebody can use them:


Oct 27 01:51:57 linuxamd64 smbd[6686]: [2005/10/27 01:51:57, 0] 
lib/util_sock.c:get_peer_addr(1150)
Oct 27 01:51:57 linuxamd64 smbd[6686]:   getpeername failed. Error was 
Transport endpoint is not connected


Oct 27 01:51:57 linuxamd64 smbd[6686]:   write_socket_data: write failure. 
Error = Connection reset by peer
Oct 27 01:51:57 linuxamd64 smbd[6686]: [2005/10/27 01:51:57, 0] 
lib/util_sock.c:write_socket(455)
Oct 27 01:51:57 linuxamd64 smbd[6686]:   write_socket: Error writing 4 bytes 
to socket 28: ERRNO = Connection reset by peer
Oct 27 01:51:57 linuxamd64 smbd[6686]: [2005/10/27 01:51:57, 0] 
lib/util_sock.c:send_smb(647)
Oct 27 01:51:57 linuxamd64 smbd[6686]:   Error writing 4 bytes to 
client. -1. (Connection reset by peer)






Oct 27 01:51:59 linuxamd64 smbd[6690]: [2005/10/27 01:51:59, 0]

rpc_server/srv_samr_nt.c:_samr_create_user(2324)


Oct 27 01:51:59 linuxamd64 smbd[6690]:   _samr_create_user:

Running the command `/usr/sbin/smbldap-useradd.pl -w workstation2$' gave 127




Oct 27 01:37:48 linuxamd64 kernel: powernow-k8: Found 1 AMD Athlon 64 / 
Opteron processors (version 1.00.09e)
Oct 27 01:37:48 linuxamd64 kernel: powernow-k8: BIOS error - no PSB
Oct 27 01:37:48 linuxamd64 rcpowersaved: CPU frequency scaling is not 
supported by your processor.
Oct 27 01:37:48 linuxamd64 rcpowersaved: enter 
'POWERSAVE_CPUFREQD_MODULE=off' in /etc/sysconfig/powersave/cpufreq to avoid 
this warning.



Oct 27 01:37:55 linuxamd64 kernel: end_request: I/O error, dev fd0, sector 0



Many thanks

Andreas



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Authentication problem with Mysql backend

[Andrew Bartlett]

On Wed, 2005-10-26 at 14:44 -0500, Rodrigo De la Pena wrote:
> i'm using samba-3.0.20b, 
> 
> "did you create the unix user-account aswell ??"
> do i have to create the accounts in the OS to use them with mysql? 
> i create the account "rodelapena" whith its passwd and it failed by
> NT_STATUS_BAD_NETWORK_NAME, in theory the authentication worked, but it
> wont be necessary to create an OS account to could use it in mysql, am i
> wrong??.
> 
> i made the changes to the smb.conf that you suggested me before the
> creation of the OS account and authentication failed again. 

Yes, all Samba users must exist in the OS.  This is why I am mystified
by the number of people who want to use MySQL to back Samba :-)

I strongly suggest following the pdb_ldap route, and use nss_ldap to
provide the users to the OS.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] When trying to Samba (SMBD) it says "not found"

[Edouard Ades]

Hi All,
 
 
I tried to start the samba service (Smbd) but it tells me "Not found" no error 
number or permission denied.
There was no update made on the box.  I logged on as root
I went to good directory, usr/local/samba/sbin/
and typed smbd   and I got 
 
ksh:  smbd : Not found
 
If I enter LS under the sbin directory, the smbd is there.
Also, if I enter LS -e le (to see the executable) it returns me  smbd
 
I even made a search by enteringfind / -name smbd 2> /dev/null
and when the result came up it showed me the good path which is 
usr/local/samba/sbin/
 
 
I'm new in the Unix / samba stuff, it's probably just a little thing that I'm 
missing !!
So if anyone can help I'd really appreciate.
 
Thanks in advance
 
Eddy 
 

Notice: This transmission is for the sole use of the intended recipient(s) and 
may contain information that is confidential and/or privileged.  If you are not 
the intended recipient, please delete this transmission and any attachments and 
notify the sender by return email immediately.  Any unauthorized review, use, 
disclosure or distribution is prohibited.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Specified network password is not correct

[Merle Reine]

Every article I read says to drop port 445.  If I do not, I get my log 
file filled up with errors about getpeername failed.


Even with no firewall at all, I still get the password incorrect problem 
so it seems to be not related.  Any other ideas?


Thomas M. Skeren III wrote:


Merle Reine wrote:


I had the firewall off but now turned it on.
I modified the firewall on the box and added the following:



Why?  Samba 3 listens for smb calls on 445.




iptables -I INPUT 1 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 445 -j DROP  (to stop the 
getpeername failed error)
apparently XP tries to connect to port 445 first then port 139 
causing errors.




Now I am getting in /var/log/samba/smbd.log:

[2005/10/26 14:17:49, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 14:17:55, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 14:18:19, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 14:18:24, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego


In Windows, trying to connect now gives:

Logon failure: unknown user name or bad password.

As operator/operator is the correct user/pass, not sure what else is 
going wrong.


My previous setup on the 386 machine with samba 2.x serves 400 users 
and has been working for years.  Something must have changed in samba 
3.x.  I tried to copy over the smb.conf from the 2.x machine but that 
will not work either.


Merle Reine wrote:

I am having trouble connecting to a Centos 4.1 machine.  I have the 
following installed:


samba-common-3.0.10-1.4E
samba-3.0.10-1.4E.2
samba-client-3.0.10-1.4E
samba-swat-3.0.10-1.4E.2

Currently running:
smbd
nmbd
winbind


My smb.conf is as follows:

# Global parameters
[global]
   preferred master = No
   domain master = No
   wins support = Yes
   encrypt passwords = yes
   remote announce = 192.168.1.255/soupx
   smb passwd file = /etc/samba/smbpasswd


[homes]
   read only = No

[test]
   comment = test share
   path = /u/sambausers
   valid users = operator




I have one user in /etc/samba/smbpasswd:
operator:11:8880F85FF03EAF3B944E2DF489A880E4:E337E31AA4C614B2895AD684A51156DF:[U  
]:LCT-435FE36C:



I am in the process of switching an old 386 machine for a dual xeon 
machine.  On the old 386, running:

samba-2.2.5-10
samba-common-2.2.5-10
samba-client-2.2.5-10
samba-swat-2.2.5-10

I can connect to the 386 with any windows, linux, mac.

When I try to connect to the new machine running samba 3.0.10 from 
unix, i connect fine:


[EMAIL PROTECTED] temp]# smbclient //soupx/test -W LINUX-SOUP -U operator
added interface ip=192.168.1.208 bcast=192.168.1.255 
nmask=255.255.255.0

Got a positive name query response from 192.168.1.9 ( 192.168.1.9 )
Password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.2]
smb: \> dir
 .   D0  Mon Sep 26 15:27:14 
2005
 ..  D0  Mon Oct 10 05:11:02 
2005
 stores  D0  Sat Oct 22 06:02:08 
2005
 npd D0  Fri Jul 29 08:51:38 
2005
 legal   D0  Tue Sep 23 15:22:20 
2003
. 



When I try to connect from any windows machine, I get:
net use z: \\soupx\test
Enter the user name for 'soupx' : operator
Enter the password for soupx:
System error 86 has occured.

The specified network password is not correct.
... 



I used smbpasswd -a operator  and set the password (which works from 
a linux machine)


In /var/log/samba/smbd.log I see:

[2005/10/26 13:48:21, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 13:48:28, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected
[2005/10/26 13:48:28, 0] lib/util_sock.c:read_socket_data(384)
 read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/26 13:48:28, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego

I can connect to a public share on this machine without a password.

Any idea what is wrong?








--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Specified network password is not correct

[Merle Reine]

I had the firewall off but now turned it on.
I modified the firewall on the box and added the following:


iptables -I INPUT 1 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 445 -j DROP  (to stop the getpeername 
failed error)
apparently XP tries to connect to port 445 first then port 139 causing 
errors.




Now I am getting in /var/log/samba/smbd.log:

[2005/10/26 14:17:49, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)
 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 14:17:55, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)
 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 14:18:19, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)
 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 14:18:24, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)
 Unknown packet in reply_sesssetup_and_X_spnego


In Windows, trying to connect now gives:

Logon failure: unknown user name or bad password.

As operator/operator is the correct user/pass, not sure what else is 
going wrong.


My previous setup on the 386 machine with samba 2.x serves 400 users and 
has been working for years.  Something must have changed in samba 3.x.  
I tried to copy over the smb.conf from the 2.x machine but that will not 
work either.


Merle Reine wrote:

I am having trouble connecting to a Centos 4.1 machine.  I have the 
following installed:


samba-common-3.0.10-1.4E
samba-3.0.10-1.4E.2
samba-client-3.0.10-1.4E
samba-swat-3.0.10-1.4E.2

Currently running:
smbd
nmbd
winbind


My smb.conf is as follows:

# Global parameters
[global]
   preferred master = No
   domain master = No
   wins support = Yes
   encrypt passwords = yes
   remote announce = 192.168.1.255/soupx
   smb passwd file = /etc/samba/smbpasswd


[homes]
   read only = No

[test]
   comment = test share
   path = /u/sambausers
   valid users = operator




I have one user in /etc/samba/smbpasswd:
operator:11:8880F85FF03EAF3B944E2DF489A880E4:E337E31AA4C614B2895AD684A51156DF:[U  
]:LCT-435FE36C:



I am in the process of switching an old 386 machine for a dual xeon 
machine.  On the old 386, running:

samba-2.2.5-10
samba-common-2.2.5-10
samba-client-2.2.5-10
samba-swat-2.2.5-10

I can connect to the 386 with any windows, linux, mac.

When I try to connect to the new machine running samba 3.0.10 from 
unix, i connect fine:


[EMAIL PROTECTED] temp]# smbclient //soupx/test -W LINUX-SOUP -U operator
added interface ip=192.168.1.208 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 192.168.1.9 ( 192.168.1.9 )
Password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.2]
smb: \> dir
 .   D0  Mon Sep 26 15:27:14 2005
 ..  D0  Mon Oct 10 05:11:02 2005
 stores  D0  Sat Oct 22 06:02:08 2005
 npd D0  Fri Jul 29 08:51:38 2005
 legal   D0  Tue Sep 23 15:22:20 2003
. 



When I try to connect from any windows machine, I get:
net use z: \\soupx\test
Enter the user name for 'soupx' : operator
Enter the password for soupx:
System error 86 has occured.

The specified network password is not correct.
... 



I used smbpasswd -a operator  and set the password (which works from a 
linux machine)


In /var/log/samba/smbd.log I see:

[2005/10/26 13:48:21, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 13:48:28, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected
[2005/10/26 13:48:28, 0] lib/util_sock.c:read_socket_data(384)
 read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/26 13:48:28, 1] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)

 Unknown packet in reply_sesssetup_and_X_spnego

I can connect to a public share on this machine without a password.

Any idea what is wrong?





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Specified network password is not correct

[Merle Reine]

I am having trouble connecting to a Centos 4.1 machine.  I have the 
following installed:


samba-common-3.0.10-1.4E
samba-3.0.10-1.4E.2
samba-client-3.0.10-1.4E
samba-swat-3.0.10-1.4E.2

Currently running:
smbd
nmbd
winbind


My smb.conf is as follows:

# Global parameters
[global]
   preferred master = No
   domain master = No
   wins support = Yes
   encrypt passwords = yes
   remote announce = 192.168.1.255/soupx
   smb passwd file = /etc/samba/smbpasswd


[homes]
   read only = No

[test]
   comment = test share
   path = /u/sambausers
   valid users = operator




I have one user in /etc/samba/smbpasswd:
operator:11:8880F85FF03EAF3B944E2DF489A880E4:E337E31AA4C614B2895AD684A51156DF:[U  
]:LCT-435FE36C:



I am in the process of switching an old 386 machine for a dual xeon 
machine.  On the old 386, running:

samba-2.2.5-10
samba-common-2.2.5-10
samba-client-2.2.5-10
samba-swat-2.2.5-10

I can connect to the 386 with any windows, linux, mac.

When I try to connect to the new machine running samba 3.0.10 from unix, 
i connect fine:


[EMAIL PROTECTED] temp]# smbclient //soupx/test -W LINUX-SOUP -U operator
added interface ip=192.168.1.208 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 192.168.1.9 ( 192.168.1.9 )
Password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.2]
smb: \> dir
 .   D0  Mon Sep 26 15:27:14 2005
 ..  D0  Mon Oct 10 05:11:02 2005
 stores  D0  Sat Oct 22 06:02:08 2005
 npd D0  Fri Jul 29 08:51:38 2005
 legal   D0  Tue Sep 23 15:22:20 2003
.

When I try to connect from any windows machine, I get:
net use z: \\soupx\test
Enter the user name for 'soupx' : operator
Enter the password for soupx:
System error 86 has occured.

The specified network password is not correct.
...

I used smbpasswd -a operator  and set the password (which works from a 
linux machine)


In /var/log/samba/smbd.log I see:

[2005/10/26 13:48:21, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)
 Unknown packet in reply_sesssetup_and_X_spnego
[2005/10/26 13:48:28, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected
[2005/10/26 13:48:28, 0] lib/util_sock.c:read_socket_data(384)
 read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/26 13:48:28, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(593)
 Unknown packet in reply_sesssetup_and_X_spnego

I can connect to a public share on this machine without a password.

Any idea what is wrong?




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problems with LDAP authentication backend.

[paul kölle]

[EMAIL PROTECTED] wrote:
Either I do not understand how Samba impliments LDAP or there is something
> wrong with my setup.  My LDAP implimentation is as follows.  The main LDAP
> suffix is dc=motogroup,dc=com and there are OU's of people and group under
> there.
> 
> Now, Samba is able to connect to the LDAP server, but it is not looking in
> the right place for the user accounts.  If I attempt to run pdbedit -L I
> get the following:
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> ldapsam_setsampwent: 0 entries in the base!
> 
> What I see there is Samba is in SamaDomainName=SYSLOGSERVER for the user
> accounts.  Since the accounts are not stored under that OU it isn't finding
> anything.  I attempted to copy the OU=people and the OU=group to
> SamaDomainName=SYSLOGSERVER but it still fails.
It's not looking for users here but for the entry with domain specific
information (domsid, ...). AFAIK you need to give samba write access to
"ldap suffix" (temporarily?) to create this entry.

> 
> Anyone have any ideas why Samba is not finding the accounts?
Maybe you missed to setup nss_ldap on your server to fetch the unix part
from ldap?

hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unicode, ASCII, and Samba3 ...

[Nicholas Brealey]

Julien Ailhaud wrote:


Problem summary :
Files created with samba2 are now unreadable with samba3. I tested all
possible settings in samba, rebuild it with libiconv, already posted here
without reply ... without success.



You need to use convmv on your Samba server.

http://j3e.de/linux/convmv/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Authentication problem with Mysql backend

[Rodrigo De la Pena]

i'm using samba-3.0.20b, 

"did you create the unix user-account aswell ??"
do i have to create the accounts in the OS to use them with mysql? 
i create the account "rodelapena" whith its passwd and it failed by
NT_STATUS_BAD_NETWORK_NAME, in theory the authentication worked, but it
wont be necessary to create an OS account to could use it in mysql, am i
wrong??.

i made the changes to the smb.conf that you suggested me before the
creation of the OS account and authentication failed again. 

thanks.

On Wed, 2005-10-26 at 09:14 +0200, Collen Blijenberg wrote:
> Whoh man...
> 
> did you create the unix user-account aswell ??
> 
> also try to change these settings:
> 
> -> encrypt passwords = YES
> -> passdb backend = mysql:mysql
> -> #mysql:username column = username:
> -> #mysql:lanman pass column = lm_pw:
> -> #mysql:nt pass column = nt_pw:
> -> #mysql:plain pass column = plain_pw:
> -> #mysql:unknown_3 column = NULL
> 
> also what version of samba do you use ??
> 
> 
> 
> Rodrigo De la Pena wrote:
> > hi,
> > 
> > /
> > i'm trying to configure samba with the mysql backend but it doesn't
> > work. my smb.conf file is this:
> > /
> > #BOF
> > [global]
> > security = user
> > workgroup = CABRERA
> > encrypt passwords = no
> > ;passdb backend = mysql:/usr/local/samba/lib/pdb/mysql.so
> > passdb backend = mysql:mysql
> > mysql:mysql host = localhost
> > mysql:mysql user = samba
> > mysql:mysql password = abmas
> > mysql:mysql database = samba
> > mysql:mysql table = user
> > 
> > mysql:username column = username:
> > mysql:lanman pass column = lm_pw:
> > mysql:nt pass column = nt_pw:
> > ;mysql:plain pass column = plain_pw:
> > mysql:unknown_3 column = NULL
> > 
> > #EOF
> > 
> > /
> > when i run smbclient it fails
> > /
> > 
> > [EMAIL PROTECTED] ~]# smbclient  //localhost/rodelapena -U rodelapena -d 10
> > /
> > the dir exists in the route showed up. //home2/rodelapena/
> > 
> > 
> > i don't know what is going on, the pdbedit command fails when i try to
> > create an user but doesn't when i update it.
> > 
> > I'm very new in samba, if you can help me with this problem i'll thank
> > you ever.
> > 
> > Thanks a lot.
> > /
> > 
> > 
> > 
> > 
> 
-- 
Rodrigo De la Peña
Soporte Corporativo
Calipso Comunicaciones

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Local groups confusion

[James Watkins]

Hi, I apologise in advance for the length of this email and for the 
possible newbie-ishness of it but I'm having some trouble trying to get 
my head around the Windows NT "Local Groups" concept and was wondering 
if anyone on the list could shed some light on the subject.
I have an NT4 BDC which I am trying to migrate to a Samba domain member 
server (I would like to migrate the entire domain to samba but I don't 
have the expertise to do so with confidence just yet). Anyway, when I 
tried to migrate the shares over, the files copied just fine but the 
ACLs were missing any information pertaining to the NT local groups. A 
few hours of googling later I discovered that samba supports "nested 
groups" (I'm assuming that nested groups are more or less synonymous 
with NT's local groups), however, this is only applicable to local 
groups on the samba side and intended for adding windows domain global 
groups to unix groups.  Apparently NT4 domain local groups are only 
applicable to that domain's PDCs and BDCs.
So I did an experiment, I added myself to several domain local groups 
and went to my samba machine and did:


wbinfo -r "MYDOMAIN\jamesw"

and it gave me a list of gids. I then put each of those gids into:

wbinfo -G GID

to obtain the sids. Finally, I put the SIDs into:

wbinfo -s SID

and there were my domain local group names (or at least some of them - 
the preset groups like "Backup Operators" weren't there for some reason).
My question is this.  Since winbind can map gids to domain local group 
names when asked to do it manually, is there a way to get it to work 
automatically, i.e. when I use chgrp, ls -l, etc.?
Alternatively, is there a way of getting around the fact that some twonk 
set up a load of local groups on my domain when they really wanted to 
use global ones.

Thanks for listening (or reading).
Cheers,
James.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE RE [Samba] Could not get RealPath CORDAF/* (It's a URGENT problem)

[Stéphane Purnelle]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

could you verify the number of group which user2 is member ?

[EMAIL PROTECTED] a écrit :

> Hi,
>
> I have two users which have this problem
>
> For the user1, I have deleted and recreated the user and is work
> fine, no problem. For user2, I make the same thing but, don't work.
>
>
> Note that this user have two laptop : - one with XP - one with
> 2000.
>
> When I recreate the user I verified that it's work with two 2000
> laptop, but when the XP is reconnected  Windows Xp could cuase
> some problem ?
>
> could you help me, the user2 is my director.
>
> --- Stéphane PURNELLE
> [EMAIL PROTECTED] Service Informatique Corman S.A.
> Tel : 00 32 087/342467
>
> [EMAIL PROTECTED] a écrit
> sur 24/10/2005 11:41:24 :
>
>> A other user have the same problem, but :
>>
>> I copied the directory with the same ACL on my test server and
>> work fine
>
> :
>
>>
>> [2005/10/24 10:25:47, 5] smbd/uid.c:change_to_user(304)
>> change_to_user uid=(1041,1041) gid=(0,513) [2005/10/24 10:25:47,
>> 3] smbd/trans2.c:call_trans2findfirst(1629) call_trans2findfirst:
>> dirtype = 16, maxentries = 1366, close_after_first=0,
>> close_if_end = 2 requires_resume_key = 4 level = 0x104,
>> max_data_bytes = 16384 [2005/10/24 10:25:47, 5]
>> smbd/filename.c:unix_convert(108) unix_convert called on file
>> "CORPLA/*" [2005/10/24 10:25:47, 10]
>> smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup
>> failed for name [CORPLA/*] [2005/10/24 10:25:47, 10]
>> smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup
>> succeeded for name [CORPLA] -> [CORPLA] [2005/10/24 10:25:47, 5]
>> smbd/filename.c:unix_convert(175) unix_convert begin: name =
>> CORPLA/*, dirpath = CORPLA, start = * [2005/10/24 10:25:47, 10]
>> smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2005/10/24
>> 10:25:47, 10] smbd/mangle_hash2.c:is_mangled_component(215)
>> is_mangled_component * (len 1) ? [2005/10/24 10:25:47, 10]
>> smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2005/10/24
>> 10:25:47, 10] smbd/mangle_hash2.c:is_mangled_component(215)
>> is_mangled_component * (len 1) ? [2005/10/24 10:25:47, 5]
>> smbd/filename.c:unix_convert(324) New file * [2005/10/24
>> 10:25:47, 8] lib/util.c:is_in_path(1671) is_in_path: CORPLA/*
>> [2005/10/24 10:25:47, 8] lib/util.c:is_in_path(1692) is_in_path:
>> match not found [2005/10/24 10:25:47, 5]
>> smbd/trans2.c:call_trans2findfirst(1683) dir=CORPLA, mask = *
>> [2005/10/24 10:25:47, 5] smbd/dir.c:dptr_create(391) dptr_create
>> dir=CORPLA [2005/10/24 10:25:47, 8] lib/util.c:is_in_path(1671)
>> is_in_path: CORPLA [2005/10/24 10:25:47, 8]
>> lib/util.c:is_in_path(1692) is_in_path: match not found
>> [2005/10/24 10:25:47, 3] smbd/dir.c:dptr_create(511) creating new
>> dirptr 256 for path CORPLA, expect_close = 1 [2005/10/24
>> 10:25:47, 4] smbd/trans2.c:call_trans2findfirst(1740) dptr_num is
>> 256, wcard = *, attr = 22 [2005/10/24 10:25:47, 8]
>> smbd/trans2.c:call_trans2findfirst(1745) dirpath=
>> dontdescend=<> [2005/10/24 10:25:47, 8]
>> smbd/trans2.c:get_lanman2_dir_entry(1077)
>> get_lanman2_dir_entry:readdir on dirptr 0x803ad4c0 now at offset
>> 0 [2005/10/24 10:25:47, 8] smbd/dosmode.c:dos_mode(294) dos_mode:
>> CORPLA/. [2005/10/24 10:25:47, 10]
>> smbd/posix_acls.c:check_posix_acl_group_write(4027)
>> check_posix_acl_group_write: file CORPLA/. match on group 1016 ->
>> can write. [2005/10/24 10:25:47, 10]
>> smbd/posix_acls.c:check_posix_acl_group_write(4078)
>> check_posix_acl_group_write: file CORPLA/. returning (ret = 1).
>> [2005/10/24 10:25:47, 8] smbd/dosmode.c:dos_mode_from_sbuf(162)
>> dos_mode_from_sbuf returning d [2005/10/24 10:25:47, 8]
>> smbd/dosmode.c:dos_mode(328) dos_mode returning d [2005/10/24
>> 10:25:47, 5] smbd/trans2.c:get_lanman2_dir_entry(1167)
>> get_lanman2_dir_entry found CORPLA/. fname=. [2005/10/24
>> 10:25:47, 10] smbd/trans2.c:get_lanman2_dir_entry(1308)
>> get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO
>>
>>
>> And on the produc server : [2005/10/24 11:04:56, 4]
>> smbd/uid.c:change_to_user(217) change_to_user: Skipping user
>> change - already user [2005/10/24 11:04:56, 3]
>> smbd/trans2.c:call_trans2findfirst(1629) call_trans2findfirst:
>> dirtype = 16, maxentries = 1366, close_after_first=0,
>> close_if_end = 2 requires_resume_key = 4 level = 0x104,
>> max_data_bytes = 16384 [2005/10/24 11:04:56, 5]
>> smbd/filename.c:unix_convert(108) unix_convert called on file
>> "CORPLA/*" [2005/10/24 11:04:56, 10]
>> smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup
>> failed for name [CORPLA/*] [2005/10/24 11:04:56, 10]
>> smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup
>> succeeded for name [CORPLA] -> [CORPLA] [2005/10/24 11:04:56, 5]
>> smbd/filename.c:unix_convert(175) unix_convert begin: name =
>> CORPLA/*, dirpath = CORPLA, start = * [2005/10/24 11:04:56, 10]
>> smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2005/10/24
>> 11:04:56,

[Samba] Re: Question about pam_winbind

[Rex Dieter]

Fawzib Rojas wrote:

I want to only allow access to a certain group 'Domain Power Users', so 
it seems I have to do the following:
   a) wbinfo -name-to-sid="domain power users", which gives me the 
group's SID

   b) add the parameter 'require_membership_of='
   c) restart samba


pam_winbind != samba.  Did you restart winbind?  Check also that you've 
got winbind functioning with pam for account information (ie, UID 
lookup, etc..) and not just for authentication.


-- Rex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Excel files locked for editing periodically in SAMBA 2.2.8a?

[Covington, Chris]

On Wed, Oct 26, 2005 at 12:49:30PM -0400, Paul Apking wrote:
> This is happening periodically on our network with users using excel 
> documents. Either with Office 2000,XP or 2003. The problem seems to 
> happen for a day or so then disappear for a while again. I've read it 
> might be the version of Samba we are using?  If so, is there a 
> workaround that we could try until we upgrade in a couple weeks?

The best workaround is to upgrade sooner rather than later. ;)  You'll
be hard pressed to find support for that version.

---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Question about pam_winbind

[Fawzib Rojas]

I was looking at the documentation at samba.org and it says the following:

require_membership_of=[SID or NAME]

If this option is set, pam_winbind will only succeed if the user is a 
member of the given SID or NAME. A SID can be either a group-SID, a 
alias-SID or even a user-SID. It is also possible to give a NAME instead 
of the SID. That name must have the form: /|MYDOMAIN\mygroup|/ or 
/|MYDOMAIN\myuser|/. pam_winbind will, in that case, lookup the SID 
internally. Note that NAME may not contain any spaces. It is thus 
recommended to only use SIDs. You can verify the list of SIDs a user is 
a member of with *wbinfo --user-sids=SID*.


I want to only allow access to a certain group 'Domain Power Users', so 
it seems I have to do the following:
   a) wbinfo -name-to-sid="domain power users", which gives me the 
group's SID

   b) add the parameter 'require_membership_of='
   c) restart samba

I did this but it isn't working. Can somebody help me with this? What am 
I doing wrong? BTW I'm using Samba 3.0.14 (ubuntu)  
  
--

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Excel files locked for editing periodically in SAMBA 2.2.8a?

[Paul Apking]

This is happening periodically on our network with users using excel 
documents. Either with Office 2000,XP or 2003. The problem seems to 
happen for a day or so then disappear for a while again. I've read it 
might be the version of Samba we are using?  If so, is there a 
workaround that we could try until we upgrade in a couple weeks?


Regards,

--
-Paul 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: AW: AW: AW: [Samba] Migration to Samba using external LDAPserver(CLARIFICATION NEEDED)

[Matthew Easton]

On Oct 26, 2005, at 6:53 AM, Michael Gasch wrote:


# a similar command exists that will set the user id of a directory
chmod u+s $directory


not at all :)
you have to use force user or inherit owner via samba


Oops. of course you are right.
Funny how I distinctly remember doing this, and it working.
... apparently in the same universe where cars generate their own fuel.

The bit about sgid still stands, however.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE [Samba] syslog

[Alan Glait]

any idea ¿?

Alan Glait wrote:


# smbd -V
Version 3.0.10


[EMAIL PROTECTED] wrote:


What version of samba ?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 16:55:48 :


 

strange but ... with man smb.conf nothing about syslog ... and in my 
smb.conf ... now ... nothing too ...


[EMAIL PROTECTED] wrote:

  


Hi,

man smb.conf

syslog (G)
This  parameter  maps  how  Samba  debug  messages  are 
logged onto the system syslog logging levels. Samba debug level 
zero 


maps  


onto syslog
LOG_ERR, debug level one maps onto LOG_WARNING, debug 


level  

two maps onto LOG_NOTICE, debug level three maps onto LOG_INFO. All 



higher  


levels
are mapped to  LOG_DEBUG.

This parameter sets the threshold for sending messages 
to 




 

syslog. Only messages with debug level less than this value will be 



sent  


to syslog.

Default: syslog = 1

 syslog only (G)
If this parameter is set then Samba debug messages are 
logged into the system syslog only, and not to the debug log files.


Default: syslog only = no

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 
087/342467


[EMAIL PROTECTED] a écrit 
sur 26/10/2005 15:58:45 :







How to stop loging with syslog ??
now, samba log to /var/log/samba/* and to log file defined in 
syslogd.conf in *.info entry ...

I only want /var/log/samba/* ...

thanx for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


  



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
  






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba without netbios

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John H Terpstra wrote:

| The desire by the person who asked the question is to run
| a Samba-3 server  without NetBIOS. The intent, as I
| understood the request, is to run Samba-3 as a Domain
| Controller without NetBIOS, and no MS ADS server.
|
| To the Samba admin: Go on try it! That's the best
| advice. That way you will see what works and what
| doesn't. Don't take anyone's advice - noone does
| anyhow.

OK.  For the original post and for the archives...


* Samba is the equivalent of an NT 4 domain controller.
Windows NT 4 requires netbios.

* Samba is the equivalent of a Windows 2000 domain member
server.  No netbios required here.



cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX64jIR7qMdg1EfYRAuDfAJ90piMOnIDI4ha7amhztz8yEFcWewCgvcyK
+1qpETlv5Vy2meuP2mKjwWw=
=VH88
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba without netbios

[John H Terpstra]

On Wednesday 26 October 2005 06:22, Gerald (Jerry) Carter wrote:
> John H Terpstra wrote:
> | OK - I'll try to answer this.
> |
> | Originally Windows networking used only NetBIOS over TCP/IP.
>
> You said the 'N' wordI wonder if Chris will magically
> appear.

No, Chris is sleeping at the wheel and his toaster has turned to charcoal. :-)

NetBIOS -- NetBIOS -- Wake up Chris! :-)

>
> | Browsing uses a complex interaction of name registration
> | and resolution  involving UDP ports 137 and 138. Port 137
> | is the NetBIOS Name Server port,  but it is also used to
> | handle all browsing operations. Browsing is the
> | ability to locate domains and machines over the network.
>
> Not completely true. The NetServerEnum commands are CIFS/SMB ops.
> (I know you just forgot this point).   The browsing election
> and name resolution services are done via port 137 and 138
> though.

Agreed. I was trying to avoid writing another book. ;-/

> | On Windows 200X clients, when NetBIOS over TCP/IP is disabled,
> | and an attempt is made to join a domain, the client
> | automatically tries to use the combination of DNS, Kerberos,
> | LDAP and TCP port 445 services with the expectation that
> | Microsoft Active Directory is being used. In order to remain
> | backwards compatible, TCP port 139 can also be used.
>
> Do you have traces of this?  When netbios is disabled, I've never
> seen any related traffic on port 139.  That's kind of the point of
> disabling netbios services.

Dang, obviously if NetBIOS over TCP/IP is disabled, port 139 is disabled. 
Sorry, it was the milk I drank - the cool-aide was OK.

> | The mechanisms behind TCP ports 139 and 445 are very
> | different. A connection made on port 445 must be able
> | to resolve the fully qualified hostname using the
> | protocols expected within ADS. That is, via DNS using
> | SRV records as well as A records.
>
> You're not limited to SRV and A records of course.  You just
> need to resolve the name via DNS.  Or just use an IP address.
>
> | Additionally, the client will try to use Kerberos information
> | to contact the DNS server and the LDAP server.
>
> This line is confusing, but I assume you mean looking up
> the KDC and directory servers via SRV records.
>
> | It expects to find SMB information in the Kerberos PAC
> | (a data blob inside the Kerberos ticket that is unique
> | to ADS's implementation).
>
> Geeze I know I sound like Chris nowbut what is SMB
> information?  Since this thread will undoubtedly be referred
> to later on and for the sake of clarification
>
> You mean the users SID and group membership.  that is
> really irrelevant to the SMB protocol.  And is specific
> to MS's security model (again I know you know this, but
> not everyone does).

Thanks for stepping in to clarify this for the record.

> | With ADS browsing involves DNS, LDAP and Raw SMB traffic over
> | ports 445 and 139. The client expects all the information
> | that it wold obtain if it were a member of an ADS domain.
>
> Again, you need to be clear on whether you are talking about browsing
> the directory for the network.  Directory browsing is just LDAP search
> requests.  Network browsing still requires netbios.

Of course.

> | Samba-3 can be a file and print server for Windows clients
> | that have NetBIOS disabled - but some things may break.
>
> Not true.  If you set 'disable netbios = yes' and don't
> start nmbd, things should work just fine in a AD environment
> with "security = ads".  if something doesn't work that should,
> it is a bug.
> | In short, NetBIOS-less SMB implies ADS. Samba-3 is not an
> | ADS server. Ergo, NO ADS for all practical purposes means
> | DOES NOT WORK.
>
> Sorry John.  This is just wrong.  Samba as a member server
> should be fine when you disable netbios.  Unless I just
> don't understand what you are trying to say.

The desire by the person who asked the question is to run a Samba-3 server 
without NetBIOS. The intent, as I understood the request, is to run Samba-3 
as a Domain Controller without NetBIOS, and no MS ADS server.

To the Samba admin: Go on try it! That's the best advice. That way you will 
see what works and what doesn't. Don't take anyone's advice - noone does 
anyhow.

Patches! That what I want - documentation patches! I want to see the 
contributions flood in again. Where are all the smart people who can help fix 
the lousy documentation? Give it to me, let it roar.

Jerry, thanks for the clarification and for the correction.

- John T.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Group ownership[VASCL:A17D1EDC742]

[Richmond Dyes]

I have several different directories on my samba 3.14 running on centos 
4.1.  I have several different groups that have access to each 
directory.  So directory1 group is group1.  The problem is when a user 
writes to the directory he has owner and group privileges in his/her 
name. So file1 owner is user1 and group is user1.  Shouldn't this be 
user1 as owner and group1 as group? 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows XP copies to Samba share slow on some folders

[PC]

I am experiencing a strange problem when copying large files to certain 
folders on a mounted Samba share (3.0.20b). I have also verfied the problem 
occurs with Samba 3.0.20 and 20a.

I can copy the file (560MB) to most folder (for example /home/pc/temp) with 
write speeds of about 7.5 - 10 MBytes / Sec and completes in a minute or two. 
However when I copy the file to a folder named /home/pc/Vault, the copy run 
extremly slow and takes about 50-60 minutes to complete.

The ownership/permission of the folders is the same (drwxrws---).

The problem only occurs for Windows to Samaba copies. I tested the copies 
using scp between two linux system and the copy rate are the same between all 
folders.

I looked in the smb.log file and did not see any errors or warnings.

Very odd...



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] getpeername failed. Error was Transport endpoint is not connected

[Andreas Bauer]

Hello NG

I'm trying without success to join a XP workstation in a Samba/openldap 
domain

SuSE 9.3)and to connect this samba/ldap as fileserver.

On samba machine I'm getting this errormessage:

my var/log/samba/smbd:

[2005/10/26 16:24:04, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected
[2005/10/26 16:26:28, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected



The errormessage of XP after the login machinejoining XP GUI

is:

"couldn't found the username", but the NetBios Administratoraccount

is existing.

Can somebody help me, any idea?



Best regards and many thanks

Andreas



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] -DIdmap_rid_support_trusted_domains

[Michael Gasch]

i'm sorry guenther, just one more question:
are my options correct? because i still get "rid_idmap_get_id_from_sid: 
no suitable range available for sid" and if i set "allow trusted domains 
= yes" winbindd won't idmap at all :( although the flag was set and


#if IDMAP_RID_SUPPORT_TRUSTED_DOMAINS
DEBUG(3,("rid_idmap_init: enabling 
trusted-domain-mapping\n"));


should appear (from idmap_rid.c) in winbindd.log

but i get
#else
DEBUG(0,("rid_idmap_init: idmap_rid does not work with 
trusted domains\n"));
DEBUGADD(0,("rid_idmap_init: please set \"allow trusted 
domains\" to \"no\" when using idmap_rid\n"));

return nt_status;

???

thx again


Guenther Deschner wrote:

Hi Michael,

On Wed, Oct 26, 2005 at 04:21:15PM +0200, Michael Gasch wrote:


hi,

i have a question about winbind, idmap_rid and trusted domains. at 
sambaxp jerry said it's possible to have idmap_rid working with trusted 
domains. this is what we would like to have here.



Please, please, please just experiment with that when you exactly know
what you are doing.


smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be 
this is normal, but how do i ensure that this option is in my binary w/ 
testing too much :) or how can i compile it myself? will this work only 
on samba >3.0.14a or with all samba versions that are shipped with 
idmap_rid support?



This will work with all versions.

Simply put it into the CFLAGS before compiling

CFLAGS="-DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS" ./configure --your-opts && make 


Guenther

BTW: The packages available at ftp://ftp.suse.com/pub/projects/samba all
have this flag set.



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE [Samba] syslog

[Alan Glait]

# smbd -V
Version 3.0.10


[EMAIL PROTECTED] wrote:


What version of samba ?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 16:55:48 :


 

strange but ... with man smb.conf nothing about syslog ... 
and in my smb.conf ... now ... nothing too ... 



[EMAIL PROTECTED] wrote:

   


Hi,

man smb.conf

syslog (G)
This  parameter  maps  how  Samba  debug  messages  are 
logged onto the system syslog logging levels. Samba debug level zero 
 

maps 
 


onto syslog
LOG_ERR, debug level one maps onto LOG_WARNING, debug 
 

level 
 

two maps onto LOG_NOTICE, debug level three maps onto LOG_INFO. All 
 

higher 
 


levels
are mapped to  LOG_DEBUG.

This parameter sets the threshold for sending messages to 
 



 

syslog. Only messages with debug level less than this value will be 
 

sent 
 


to syslog.

Default: syslog = 1

 syslog only (G)
If this parameter is set then Samba debug messages are 
logged into the system syslog only, and not to the debug log files.


Default: syslog only = no

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 15:58:45 :




 


How to stop loging with syslog ??
now, samba log to /var/log/samba/* and to log file defined in 
syslogd.conf in *.info entry ...

I only want /var/log/samba/* ...

thanx for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
   



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ADS + Samba

[Romanin, Reno]

Hello Samba list! 


I have installed samba, joined it to the AD domain (lets say EXAMPLE.COM)
and can auth against it with kinit.

There are also 2 domains that we have a trust established with. Lets say
trust1 and trust2.

When I do a wbinfo -u I get:

Trust1+username
Trust2+username

I get nothing from the local domain.

I have a share set up for testing, but I cannot access it at all, I get
prompted for a username and password.

I will include the configs from everything at the bottom of this email. 

I'm sure it's something that I'm just overlooking, it usually is ;)

TIA

-reno

Configs:

Smb.conf

[global]
netbios name = sambaserver
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind gid = 1-2
workgroup = WORKGROUP 
os level = 20
winbind enum groups = yes
socket address = 192.168.1.2
password server = ADSERVER
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba3/log.%m
encrypt passwords = yes
dns proxy = no
realm = EXAMPLE.COM 
security = ADSERVER
wins server = 192.168.1.1
wins proxy = no


[test]
comment = Test Share
writeable = yes
path = /samba/test
force user = DOMAIN+user
browsable = yes
available = yes



krb5.conf


[libdefaults]
ticket_lifetime = 600
default_realm = EXAMPLE.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
EXAMPLE.COM = {
kdc = adserver.example.com:88


nsswitch.conf

passwd:  compat winbind
group:  compat winbind
shadow:  compat
hosts:  files dns wins
networks:  files dns
protocols:  db files
services:  db files
ethers:  db files
rpc:  db files



kdc.conf

[kdcdefaults]
kdc_ports = 88,750

[realms]
EXAMPLE.COM = {
database_name = /etc/krb5kdc/principal
admin_keytab = /etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
dict_file = /etc/krb5kdc/kadm5.dict
key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
}






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE [Samba] syslog

[stephane . purnelle]

What version of samba ?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 16:55:48 :

> strange but ... with man smb.conf nothing about syslog ... 
> and in my smb.conf ... now ... nothing too ... 
> 
> 
> [EMAIL PROTECTED] wrote:
> 
> >Hi,
> >
> >man smb.conf
> >
> > syslog (G)
> >  This  parameter  maps  how  Samba  debug  messages  are 
> >logged onto the system syslog logging levels. Samba debug level zero 
maps 
> >onto syslog
> >  LOG_ERR, debug level one maps onto LOG_WARNING, debug 
level 
> >two maps onto LOG_NOTICE, debug level three maps onto LOG_INFO. All 
higher 
> >levels
> >  are mapped to  LOG_DEBUG.
> >
> >  This parameter sets the threshold for sending messages to 

> >syslog. Only messages with debug level less than this value will be 
sent 
> >to syslog.
> >
> >  Default: syslog = 1
> >
> >   syslog only (G)
> >  If this parameter is set then Samba debug messages are 
> >logged into the system syslog only, and not to the debug log files.
> >
> >  Default: syslog only = no
> >
> >---
> >Stéphane PURNELLE [EMAIL PROTECTED]
> >Service Informatique   Corman S.A.   Tel : 00 32 087/342467
> >
> >[EMAIL PROTECTED] a écrit sur 
> >26/10/2005 15:58:45 :
> >
> > 
> >
> >>How to stop loging with syslog ??
> >>now, samba log to /var/log/samba/* and to log file defined in 
> >>syslogd.conf in *.info entry ...
> >>I only want /var/log/samba/* ...
> >>
> >>thanx for any help
> >>-- 
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions:  https://lists.samba.org/mailman/listinfo/samba
> >> 
> >>
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unicode, ASCII, and Samba3 ...

[Julien Ailhaud]

Problem summary :
Files created with samba2 are now unreadable with samba3. I tested all
possible settings in samba, rebuild it with libiconv, already posted here
without reply ... without success.

Today I analyzed the traffic between my station and the server, and I found an
interresting thing :

With both version, filenames are transmited in ascii
code  130 gives "é"
code  135 gives "ç"
code  151 gives "ù"

But ...

In packets exchanged  by my Samba2 server and the stastion, the flag "unicode
strings" is set to Zero ( --> ASCII )

In packets exchanged  by my Samba3 server and the stastion, the flag "unicode
strings" is set to One ( --> UNICODE )


I think that the problem is here, but I can't find how to change it, forcing
my Samba to use ASCII there.

Any  Idea ??

Thanks.


Ce message est protégé par les règles relatives au secret des correspondances. 
Il est donc établi à destination exclusive de son destinataire. Celui-ci peut 
donc contenir des informations confidentielles. La divulgation de ces 
informations est à ce titre rigoureusement interdite. Si vous avez reçu ce 
message par erreur, merci de le renvoyer à l'expéditeur dont l'adresse e-mail 
figure ci-dessus et de détruire le message ainsi que toute pièce jointe.

This message is protected by the secrecy of correspondence rules. Therefore, 
this message is intended solely for the attention of the addressee. This 
message may contain privileged or confidential information, as such the 
disclosure of these informations is strictly forbidden. If, by mistake, you 
have received this message, please return this message to the addressser whose 
e-mail address is written above and destroy this message and all files attached.-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE [Samba] syslog

[Alan Glait]

strange but ... with man smb.conf nothing about syslog ... 
and in my smb.conf ... now ... nothing too ... 



[EMAIL PROTECTED] wrote:


Hi,

man smb.conf

syslog (G)
 This  parameter  maps  how  Samba  debug  messages  are 
logged onto the system syslog logging levels. Samba debug level zero maps 
onto syslog
 LOG_ERR, debug level one maps onto LOG_WARNING, debug level 
two maps onto LOG_NOTICE, debug level three maps onto LOG_INFO. All higher 
levels

 are mapped to  LOG_DEBUG.

 This parameter sets the threshold for sending messages to 
syslog. Only messages with debug level less than this value will be sent 
to syslog.


 Default: syslog = 1

  syslog only (G)
 If this parameter is set then Samba debug messages are 
logged into the system syslog only, and not to the debug log files.


 Default: syslog only = no

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 15:58:45 :


 


How to stop loging with syslog ??
now, samba log to /var/log/samba/* and to log file defined in 
syslogd.conf in *.info entry ...

I only want /var/log/samba/* ...

thanx for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
   



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] -DIdmap_rid_support_trusted_domains

[Michael Gasch]

thank you so much for your quick answer
i hope it's not THAT experimental?!?!

cheerz

Guenther Deschner wrote:

Hi Michael,

On Wed, Oct 26, 2005 at 04:21:15PM +0200, Michael Gasch wrote:


hi,

i have a question about winbind, idmap_rid and trusted domains. at 
sambaxp jerry said it's possible to have idmap_rid working with trusted 
domains. this is what we would like to have here.



Please, please, please just experiment with that when you exactly know
what you are doing.


smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be 
this is normal, but how do i ensure that this option is in my binary w/ 
testing too much :) or how can i compile it myself? will this work only 
on samba >3.0.14a or with all samba versions that are shipped with 
idmap_rid support?



This will work with all versions.

Simply put it into the CFLAGS before compiling

CFLAGS="-DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS" ./configure --your-opts && make 


Guenther

BTW: The packages available at ftp://ftp.suse.com/pub/projects/samba all
have this flag set.



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaLogonHours and timezones

[David Wilson]

Thanks Jerry and Jim.
Greatly appreciated.



David Wilson
CNS, CLS, Linux+
033 3427003
082 4147413
0860-1-LINUX
[EMAIL PROTECTED] 



- Original Message - 
From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>

To: "David Wilson" <[EMAIL PROTECTED]>
Cc: ; <[EMAIL PROTECTED]>
Sent: Wednesday, October 26, 2005 2:41 PM
Subject: Re: [Samba] sambaLogonHours and timezones



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Wilson wrote:
| Hi Jerry,
|
| Thanks for your reply.
|
| Sound like what you've said is correct.
|
| Could it not be that the values being stored are in
| GMT and that's why  my clients (Windows XP) who are in
| the SAST timezone (GMT+2) cannot log on two hours
| before they would normally not be able to ?

| Perhaps it's the NT User Manager running on XP that
| is perhaps not  picking up the correct timezone of
| the XP desktop when we set the logon hours ? Perhaps
| the NT User Manager believes it's in GMT ?
|
| A shot in the dark ? :)

Could be.  I've copied Jim McDonough on this this he
has been poking with usrmgr.exe more than I have lately.
I'm hoping (hey Jim :) ) that he'll be able to follow
though with any untested corner cases here.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3ljIR7qMdg1EfYRAoKrAJ0WGn7o2DEAuCxqwTsEILPRdvb03gCeLCyU
nPBRCJJdPFIlKwyGfNdpg6E=
=+1Rz
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] -DIdmap_rid_support_trusted_domains

[Guenther Deschner]

Hi Michael,

On Wed, Oct 26, 2005 at 04:21:15PM +0200, Michael Gasch wrote:
> hi,
> 
> i have a question about winbind, idmap_rid and trusted domains. at 
> sambaxp jerry said it's possible to have idmap_rid working with trusted 
> domains. this is what we would like to have here.

Please, please, please just experiment with that when you exactly know
what you are doing.

> smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be 
> this is normal, but how do i ensure that this option is in my binary w/ 
> testing too much :) or how can i compile it myself? will this work only 
> on samba >3.0.14a or with all samba versions that are shipped with 
> idmap_rid support?

This will work with all versions.

Simply put it into the CFLAGS before compiling

CFLAGS="-DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS" ./configure --your-opts && make 

Guenther

BTW: The packages available at ftp://ftp.suse.com/pub/projects/samba all
have this flag set.
-- 
Günther DeschnerGPG-ID: 8EE11688
Novell / SUSE LINUX   [EMAIL PROTECTED]
Samba Team  [EMAIL PROTECTED]


pgpPLQzfwcMvw.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] -DIdmap_rid_support_trusted_domains

[Michael Gasch]

ok, one step further:

idmap backend = idmap_rid:DOMA=1-2,TRUSTDOMB=20001-3
idmap uid = 1-3
idmap gid = 1-3
winbind enum users = no
winbind enum groups = no
template shell = /bin/bash
allow trusted domains = no
winbind trusted domains only =no
winbind use default domain = yes

id user (from DOMA) gives a UIDNumber (according to idmap range).

id TRUSTDOMB\user gives
[  978]: sid to uid S-1-5-21-3912345646-894196617-3681078760-4070
rid_idmap_get_id_from_sid: no suitable range available for sid: 
S-1-5-21-3912345646-894196617-3681078760-4070


???

i think the compile time option -DIdmap_rid_support_trusted_domains is 
still missing, but how to find this out or how to enable it?


thx!


Michael Gasch wrote:

hi,

i have a question about winbind, idmap_rid and trusted domains. at 
sambaxp jerry said it's possible to have idmap_rid working with trusted 
domains. this is what we would like to have here.


smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be 
this is normal, but how do i ensure that this option is in my binary w/ 
testing too much :) or how can i compile it myself? will this work only 
on samba >3.0.14a or with all samba versions that are shipped with 
idmap_rid support?


thx for your help in advance!
cheerz




--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Share of NFS filesystem

[Jeremy Allison]

On Wed, Oct 26, 2005 at 03:02:23PM +0200, Ulrich Bernhard wrote:
> On a local disk with quota the 'over quota' error occured while writing 
> to that disk and the windows box reports the error as 'disk is full'.
> A local copy on the linux server to a local filesystem with quota (/data 
> is on that filesystem):
> cp /tmp/large-file /data
> cp: writing `/data/large-file': Disk quota exceeded
> 
> Writing on the linux server to the nfs filesystem the 'over quota' error 
> occured whis the close (the /home/rzubu directory is on the nfs filesystem):
> cp /tmp/large-file /home/rzubu
> cp: closing `/home/rzubu/large-file': Disk quota exceeded
> 
> Sorry I do not have other nfs mounted filesystems with quota.

NFS is allowed to return a "disk full" error on close - the trouble
is that Windows clients won't recognise it. You could try setting
"strict allocate = yes" to change when the writes occur from the
client NFS redirector - but this is going to be horribly slow.

The best thing to do with quota-enabled filesystems is to host
them on the Samba box I'm afraid.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Elections (browse Master)

[Martin Hochreiter]

Hi!

I have a Samba 3.20b in Subnet 192.168.2.0 and a
Windows 2000 (AD) PDC in 192.168.1.0.

So I made Samba a AD member Server and told
him to be a local master (and preferred master with
os level 32) but not a domain master.

No Windows and Samba fight continuously about
local master browser in 192.168.2.0  - is that a  normal
behaviour or a "bad thing"?

lg
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] -DIdmap_rid_support_trusted_domains

[Michael Gasch]

hi,

i have a question about winbind, idmap_rid and trusted domains. at 
sambaxp jerry said it's possible to have idmap_rid working with trusted 
domains. this is what we would like to have here.


smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be 
this is normal, but how do i ensure that this option is in my binary w/ 
testing too much :) or how can i compile it myself? will this work only 
on samba >3.0.14a or with all samba versions that are shipped with 
idmap_rid support?


thx for your help in advance!
cheerz

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE [Samba] SambaPasswdMustChange problem

[misty]

I have done that now.  Will that override the individual
sambaPasswdMustChange values in LDAP?

On Wed, October 26, 2005 8:57 am, [EMAIL PROTECTED] wrote:
> Hi,
>
>
> Have you specified the maximum password age with pdbedit
>
>
> pdbedit -P "maximum password age" -C 7776000 Samba takes age in seconds,
> so 60*60*24*90, is what you need.
>
> ---
> Stéphane PURNELLE [EMAIL PROTECTED]
> Service Informatique   Corman S.A.   Tel : 00 32 087/342467
>
>
> [EMAIL PROTECTED] a écrit sur
> 26/10/2005 15:36:41 :
>
>
>> I set my users up with smbldap-tools.  SambaPasswdMustChange is
>>
> populated
>> appropriately.  The first time the user is prompted to change their
>> password, and does so, the value in SambaPasswdMustChange goes to
>> 2147483647 which is basically never.  Can anybody tell me why this
>> might be happening?  Do I have to set this somewhere in smb.conf?
>>
>> Thanks,
>> Misty
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE [Samba] syslog

[stephane . purnelle]

Hi,

man smb.conf

 syslog (G)
  This  parameter  maps  how  Samba  debug  messages  are 
logged onto the system syslog logging levels. Samba debug level zero maps 
onto syslog
  LOG_ERR, debug level one maps onto LOG_WARNING, debug level 
two maps onto LOG_NOTICE, debug level three maps onto LOG_INFO. All higher 
levels
  are mapped to  LOG_DEBUG.

  This parameter sets the threshold for sending messages to 
syslog. Only messages with debug level less than this value will be sent 
to syslog.

  Default: syslog = 1

   syslog only (G)
  If this parameter is set then Samba debug messages are 
logged into the system syslog only, and not to the debug log files.

  Default: syslog only = no

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 15:58:45 :

> How to stop loging with syslog ??
> now, samba log to /var/log/samba/* and to log file defined in 
> syslogd.conf in *.info entry ...
> I only want /var/log/samba/* ...
> 
> thanx for any help
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE [Samba] SambaPasswdMustChange problem

[stephane . purnelle]

Hi,

Have you specified the maximum password age with pdbedit 

pdbedit -P "maximum password age" -C 7776000
Samba takes age in seconds, so 60*60*24*90, is what you need.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
26/10/2005 15:36:41 :

> I set my users up with smbldap-tools.  SambaPasswdMustChange is 
populated
> appropriately.  The first time the user is prompted to change their
> password, and does so, the value in SambaPasswdMustChange goes to
> 2147483647 which is basically never.  Can anybody tell me why this might
> be happening?  Do I have to set this somewhere in smb.conf?
> 
> Thanks,
> Misty
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] manage windows domain with samba

[Christoph Litauer]

Hi,

I try to manage user objects in a windows 2000 domain using sambas
'net'-commands (samba 3.0.20). I am able to create a new user using
net rpc -S domainserver user add testuser -U Administrator

But how can I set the users password, homedir, description, profile
path, etc.? Is it possible?

-- 
Regards
Christoph

Christoph Litauer  [EMAIL PROTECTED]
Uni Koblenz, Computing Center, http://www.uni-koblenz.de/~litauer
Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, Fax: -100 1311
PGP-Fingerprint: F39C E314 2650 650D 8092 9514 3A56 FBD8 79E3 27B2

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] syslog

[Alan Glait]

How to stop loging with syslog ??
now, samba log to /var/log/samba/* and to log file defined in 
syslogd.conf in *.info entry ...

I only want /var/log/samba/* ...

thanx for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: AW: AW: AW: [Samba] Migration to Samba using external LDAPserver(CLARIFICATION NEEDED)

[Michael Gasch]

# a similar command exists that will set the user id of a directory
chmod u+s $directory

not at all :)
you have to use force user or inherit owner via samba

greez

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Remove default homeshare

[Lars]

Hi

I'm running a samba-server as fileserver on a Windows 2003 PDC. The users
are create on the WinServer, and the homefolders are defined in the AD and
stored on the sambaserver //server/homes/%user%. But samba still creates
the default share with the same name as the user. How di I disable that. I
have # everything that's named something like home and etc..

/Lars

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How does Samba handle unexpected disconnects?

[Paul Griffith]

Greetings,

I have been looking for infomation on how Samba handle rude
disconnects. Here is the test

#1 - Login to Samba hosted Domain
#2 - Turn off the computer; Turn the computer back on
#3 - goto to step #1 and repeat

Now at some point my login should fail...right?

If I try the above steps, after the 5-6th power off I get ''
Domain not found!

Questions

Does Samba kill the connection after the dead time has been reached
assuming deadtime has been set?

Does the OS timeout the TCP connnection and kill the connection ?

Do these zombie connections limit or effect new connections?

Thanks
Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SambaPasswdMustChange problem

[misty]

I set my users up with smbldap-tools.  SambaPasswdMustChange is populated
appropriately.  The first time the user is prompted to change their
password, and does so, the value in SambaPasswdMustChange goes to
2147483647 which is basically never.  Can anybody tell me why this might
be happening?  Do I have to set this somewhere in smb.conf?

Thanks,
Misty

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] cups/samba/filename

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
| Hi all,
|
| I use cups and samba on a mandriva2006 linux box.

| and i'd like to see the correct filename printed,
| not the samba filename smbprn.xx
| is there a function in  samba ?

No.  This is current;y by design.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX4NcIR7qMdg1EfYRApwJAJ4rVGZCgT6marBOvsXSYygE+z/4GACfX1Kz
1OQbUy9h+vcYBGiv443bjKQ=
=FdYH
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] debug_lookup_classname(ads/rpc): Unknown class

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Lars Dam wrote:
| Hi Jerry,
|
| I'v got FC4 with the development version of samba (3.0.20-2)
|
| I still have these debug_lookup_classname(ads): Unknown class and
| debug_lookup_classname(rpc): Unknown class errors.
|
| winbind aswell as smbd and nmbd are reporting this same error.

What is your log level (or debug level) setting ?  Samba
is complaining that you have something like 'log level = foo:1'
and there is no valid debuging class named foo.

The valid debug class specifiers are defined in source/lib/debug.c

static const char *default_classname_table[] = {
"all",   /* DBGC_ALL; index refs traditional
DEBUGLEVEL */
"tdb",   /* DBGC_TDB  */
"printdrivers",  /* DBGC_PRINTDRIVERS */
"lanman",/* DBGC_LANMAN   */
"smb",   /* DBGC_SMB  */
"rpc_parse", /* DBGC_RPC_PARSE*/
~"rpc_srv",   /* DBGC_RPC_SRV  */
"rpc_cli",   /* DBGC_RPC_CLI  */
"passdb",/* DBGC_PASSDB   */
"sam",   /* DBGC_SAM  */
"auth",  /* DBGC_AUTH */
"winbind",   /* DBGC_WINBIND  */
"vfs",   /* DBGC_VFS  */
"idmap", /* DBGC_IDMAP*/
"quota", /* DBGC_QUOTA*/
"acls",  /* DBGC_ACLS */
"locking",   /* DBGC_LOCKING  */
"msdfs", /* DBGC_MSDFS*/
NULL
};









cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX4JjIR7qMdg1EfYRAvjjAKDwhWH3wpsV88035SJaz0DvevY4TACfWkTc
kcN7raydajvC3Yz1XZa+eNo=
=DCZS
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NTLM auth problems.

[Andrew Bartlett]

On Tue, 2005-10-25 at 12:11 +0200, Ian Barnes wrote:
> Hi,
> 
> I have encountered a problem and I don't know how or if I can work around
> the problem.
> 
> I setup squid to use NTLM to auth against a 2003 machine. On windows 2003
> there is a security option called: "Network Security: LAN Manager
> authentication level properties", now the default option for this setting
> is: "Send NTLM response only". If I use the defaults, I can connect fine and
> users can auth and everything is perfect. The problem comes in when I change
> that setting to read: "Send NTLMv2 response only\refuse LM & NTLM", then I
> cant auth anymore, I cant even join the domain anymore.
> 
> I am running squid version 2.5.stable4 with samba 3.0.10. My configuration
> looks as follows:
> 
> I run the following command to join the domain which works if I have the
> default option enabled, and fails with invalid username or password with the
> custom setting:
> # /usr/local/bin/net join -S SERVER -w DOMAIN -U username%password
> 
> I then run winbindd and nmbd. If the default setting in 2003 is used, I can
> then view users and groups, but with custom setting it doesn't get this far
> because the net join fails.

Easy.  Set 'client ntlmv2 auth = yes' in your smb.conf, which is the
same as the client side of the system policy you describe above.

'net ads join' may also have worked.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Share of NFS filesystem

[Ulrich Bernhard]

On a local disk with quota the 'over quota' error occured while writing 
to that disk and the windows box reports the error as 'disk is full'.
A local copy on the linux server to a local filesystem with quota (/data 
is on that filesystem):

cp /tmp/large-file /data
cp: writing `/data/large-file': Disk quota exceeded

Writing on the linux server to the nfs filesystem the 'over quota' error 
occured whis the close (the /home/rzubu directory is on the nfs filesystem):

cp /tmp/large-file /home/rzubu
cp: closing `/home/rzubu/large-file': Disk quota exceeded

Sorry I do not have other nfs mounted filesystems with quota.

Thanks

Ulrich



Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ulrich Bernhard wrote:

| We have a samba share which is a NFS mounted filesystem
| with user quota. The samba server runs SuSE 9.2, the
| samba version is 3.0.20b. The filesystem is nfs mounted
| from a NetApp fileserver.

How do quotas work for you on a local file system?
What about other NFS mounted file systems?  Why guess
would be there's some issue with how the NetApp box and Samba are
interacting wrt to quota information.







cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3bwIR7qMdg1EfYRAhUbAJ9D7ecomOoJCOMljii0GiP/Z+lrywCfc990
iT6J/XK5w8yawWwhjpHKGoI=
=ecll
-END PGP SIGNATURE-


--
 +---+
 | Ulrich Bernhard   |
 | Informatikdienste  Tel: (+41-44) 635 67 73|
 | Universitaet Zuerich   Fax: (+41-44) 635 45 05|
 | Winterthurerstr. 190  |
 | CH-8057 ZuerichEmail: [EMAIL PROTECTED] |
 | Switzerland   |
 +---+
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't open/create local group with usrmgr

[yaya]

Still trying..., so...

I made user [Domain]\Administrator, I run usrmgr as it, when I open a local 
group, usrmgr shows message:

The specified local group does not exist.

And the log still says:

[2005/10/26 18:42:48, 0] lib/smbldap.c:smbldap_open(822)
 smbldap_open: cannot access LDAP when not root..
[2005/10/26 18:42:48, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1972)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(Time limit exceeded)


Yes, Administrator's group is "Domain Admins" and I set all the privs to it, 
but I don't set the privs to Administrator, should I do it? IMO, it still 
will not work, cause when I applied all privs to a user, it failed.


Why I made user Administrator, cause it's noticed on the doc to create a 
user that will manage the domain besides user root or even not to use user 
root. The user root will be removed as soon as poosible.


TiA,
yaya

- Original Message - 
From: "yaya" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, October 26, 2005 3:59 PM
Subject: Re: [Samba] can't open/create local group with usrmgr



Yes, I 'enable privileges = yes' in smb.conf.

[EMAIL PROTECTED] sbin]# ./smbldap-usermod -G +512 yaya
User "yaya" already member of the group "512".

..but
[EMAIL PROTECTED] sbin]# ldapsearch -x -D 
cn=Manager,dc=sma,dc=al-izhar-jkt,dc=sch,dc=id -W uid=yaya

...cutted
gidNumber: 513
sambaPrimaryGroupSID: S-1-5-21-2567078096-2875653774-645762936-513
...cutted

Should I set the 'gidNumber: 512 and the 'sambaPrimaryGroupSID: 
S-1-5-21-2567078096-2875653774-645762936-512' too?


[EMAIL PROTECTED] sbin]# net rpc rights list accounts
Password:
..cutted..
SMA\Domain Admins
SeMachineAccountPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
..cutted..

TiA,
yaya 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with LDAP authentication backend.

[Robert . Becker]

Hello.

I am attempting to integrate Samba into our LDAP authentication and am
running into a few problems.  First, here is my current configuration:

[global]
netbios name = SYSLOGSERVER
workgroup=MOTOGROUP
security = user
encrypt passwords = yes
ldap admin dn = cn=Administrator,dc=motogroup,dc=com
passdb backend = ldapsam:ldap://10.100.23.102/
ldap delete dn = no
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap machine suffix = ou=Computers
ldap suffix = dc=motogroup,dc=com

log level = 3
syslog = 2



[eams]
path = /syslog/eams



Either I do not understand how Samba impliments LDAP or there is something
wrong with my setup.  My LDAP implimentation is as follows.  The main LDAP
suffix is dc=motogroup,dc=com and there are OU's of people and group under
there.

Now, Samba is able to connect to the LDAP server, but it is not looking in
the right place for the user accounts.  If I attempt to run pdbedit -L I
get the following:
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldapsam_setsampwent: 0 entries in the base!

What I see there is Samba is in SamaDomainName=SYSLOGSERVER for the user
accounts.  Since the accounts are not stored under that OU it isn't finding
anything.  I attempted to copy the OU=people and the OU=group to
SamaDomainName=SYSLOGSERVER but it still fails.

Anyone have any ideas why Samba is not finding the accounts?

Thanks a bunch.
-Rob Becker


**
The information contained in this message is confidential and is
intended for the addressee(s) only. If you have received this message in error 
or there are any problems please notify the originator immediately. The 
unauthorized use, disclosure, copying or alteration of this message is strictly 
forbidden. Motorists Insurance Group will not be liable for direct, special, 
indirect or consequential damages arising from the alteration of the contents 
of this message by a third party or as a result of any virus being passed on.

**
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problems setting up Samba+LDAP PDC in Debian Sarge

[paul kölle]

Chema wrote:
> I see on log.nmbd:
> 
> [2005/10/25 10:42:15, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
>  add_domain_logon_names:
>  Attempting to become logon server for workgroup CORENA on subnet
> UNICAST_SUBNET
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327)
>  become_domain_master_browser_wins:
>  Attempting to become domain master browser on workgroup CORENA,
> subnet UNICAST_SUBNET.
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
>  become_domain_master_browser_wins: querying WINS server from IP
> 10.9.60.94  for domain master browser name CORENA<1b>
> on workgroup
> CORENA
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_logonnames.c:become_logon_server_success(124)
>  become_logon_server_success: Samba is now a logon server for
> workgroup CORENA on subnet UNICAST_SUBNET
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
> Is this "domain master browser name CORENA<1b>" normal?
What make you think those messages have anything to do with the problem
at hand?

> 3. passwd
[snipp]
This is all about pam_ldap/nss_ldap, nothing samba specific.

> 
> With my normal user, if I try to change the password:
> 
> [EMAIL PROTECTED]:~$ ldappasswd
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
>additional info: SASL(-13): user not found: no secret in
> database
> 
> This produces the following sldap output:
> 
> Oct 25 11:45:03 dellj81 slapd[2925]: SASL [conn=55] Error: unable to
> open Berkeley db /etc/sasldb2: No such file or directory
> Oct 25 11:45:03 dellj81 last message repeated 2 times
> Oct 25 11:45:03 dellj81 slapd[2925]: SASL [conn=55] Failure: no secret
> in database
> Oct 25 11:45:03 dellj81 slapd[2925]: conn=55 op=2 RESULT tag=97 err=80
> text=SASL(-13): user not found: no secret in database
> 
> I have yet to enable TLS, so slapd shoulnd't be using SASL, right?
Eh?, you can use ldappasswd -x ... to use simple binds to ldap or setup
/etc/sasl2/slapd.conf to use slapd's internal auxprop plugin and add a
sasl-regexp directive (man slapd.conf) to map SASL id's to DNs.

my /etc/sasl2/slapd.conf (mech_list probably doesn't fit your needs):

#begin
mech_list: GSSAPI DIGEST-MD5 CRAM-MD5 NTLM EXTERNAL
pwcheck_method: auxprop
auxprop_plugin: slapd
#end

cheers
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaLogonHours and timezones

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Wilson wrote:
| Hi Jerry,
|
| Thanks for your reply.
|
| Sound like what you've said is correct.
|
| Could it not be that the values being stored are in
| GMT and that's why  my clients (Windows XP) who are in
| the SAST timezone (GMT+2) cannot log on two hours
| before they would normally not be able to ?

| Perhaps it's the NT User Manager running on XP that
| is perhaps not  picking up the correct timezone of
| the XP desktop when we set the logon hours ? Perhaps
| the NT User Manager believes it's in GMT ?
|
| A shot in the dark ? :)

Could be.  I've copied Jim McDonough on this this he
has been poking with usrmgr.exe more than I have lately.
I'm hoping (hey Jim :) ) that he'll be able to follow
though with any untested corner cases here.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3ljIR7qMdg1EfYRAoKrAJ0WGn7o2DEAuCxqwTsEILPRdvb03gCeLCyU
nPBRCJJdPFIlKwyGfNdpg6E=
=+1Rz
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Share of NFS filesystem

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ulrich Bernhard wrote:

| We have a samba share which is a NFS mounted filesystem
| with user quota. The samba server runs SuSE 9.2, the
| samba version is 3.0.20b. The filesystem is nfs mounted
| from a NetApp fileserver.

How do quotas work for you on a local file system?
What about other NFS mounted file systems?  Why guess
would be there's some issue with how the NetApp box and Samba are
interacting wrt to quota information.







cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3bwIR7qMdg1EfYRAhUbAJ9D7ecomOoJCOMljii0GiP/Z+lrywCfc990
iT6J/XK5w8yawWwhjpHKGoI=
=ecll
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba without netbios

[julius Junghans]

John H Terpstra wrote:

>OK - I'll try to answer this.
>
>Originally Windows networking used only NetBIOS over TCP/IP.
>
>Browsing uses a complex interaction of name registration and resolution 
>involving UDP ports 137 and 138. Port 137 is the NetBIOS Name Server port, 
>but it is also used to handle all browsing operations. Browsing is the 
>ability to locate domains and machines over the network.
>
>A NetBIOS machine name must be resolved to its IP address. This can be done 
>using WINS using NetBIOS unicast requeries over unicast UDP, or via NetBIOS 
>broadcasts over UDP broadcast using port 137.
>
>File and print sharing operations under NetBIOS over TCP/IP are performed over 
>TCP port 139. Both ends of the NetBIOS over TCP/IP connection must know each 
>others NetBIOS name. Name resolution is vital to NetBIOS over TCP/IP 
>operation - WINS is your friend because it adds reliability and reduces 
>network UDP traffic.
>
>Windows 2000 introduces ADS!
>
>Enter Windows 2000 with ADS, and the ability to disable NetBIOS over TCP/IP.
>In its place Windows 200X uses DNS, Kerberos, LDAP, and Raw SMB over TCP/IP.
>The DNS, Kerberos and LDAP services run over the standard well-known ports.
>Raw SMB over TCP/IP uses TCP port 445.
>
>On Windows 200X clients, when NetBIOS over TCP/IP is disabled, and an attempt 
>is made to join a domain, the client automatically tries to use the 
>combination of DNS, Kerberos, LDAP and TCP port 445 services with the 
>expectation that Microsoft Active Directory is being used. In order to remain 
>backwards compatible, TCP port 139 can also be used.
>
>The mechanisms behind TCP ports 139 and 445 are very different. A connection 
>made on port 445 must be able to resolve the fully qualified hostname using 
>the protocols expected within ADS. That is, via DNS using SRV records as well 
>as A records. Additionally, the client will try to use Kerberos information 
>to contact the DNS server and the LDAP server. It expects to find SMB 
>information in the Kerberos PAC (a data blob inside the Kerberos ticket that 
>is unique to ADS's implementation).
>
>With ADS browsing involves DNS, LDAP and Raw SMB traffic over ports 445 and 
>139. The client expects all the information that it wold obtain if it were a 
>member of an ADS domain.
>
>Samba-3 supports port 445 and all operations necessary to be an ADS domain 
>member server. It can not be an ADS server, and it can not be an ADS domain 
>controller. That functionality is being added in the Samba-4 project.
>
>What this means is, that if you disable NetBIOS over TCP/IP on your clients 
>and on Samba-3, you will not be able to browse the network. Additionally, 
>Samba can NOT be a domain controller. It can be a stand-alone server without 
>NetBIOS over TCP/IP.
>
>Samba-3 can be a file and print server for Windows clients that have NetBIOS 
>disabled - but some things may break.
>
>In short, NetBIOS-less SMB implies ADS. Samba-3 is not an ADS server. Ergo, NO 
>ADS for all practical purposes means DOES NOT WORK.
>
>  
>

Thx for the awnser,

so no real solution until samba 4.


Greets
Julius


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SWAT Help Hyperlinks Not Working

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Schwartzman wrote:

| Clicking on the smbd link resolves
| to http://localhost:901/swat/help/manpages/smbd.8.html
| which gives me the 404 error, but should resolve to
| /usr/share/doc/packages/samba/htmldocs/manpages-3/nmbd.8.html.

It was my bug in the 3.0.20[a] release tarball.  Samba 3.0.20b
is ok and I've added scripts to that patr of the release process
to prevent it from happening again.Just run

# ln -s \
/usr/share/doc/packages/samba/htmldocs/manpages-3 \
/usr/share/doc/packages/samba/htmldocs/manpages

and it should be ok.








cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3WPIR7qMdg1EfYRAgbZAKDgrIUZySkFlxMWhuCphjfPa8cUEACgxs8d
kK3QRoT+NuXymneLkxWDEHs=
=tu1+
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba without netbios

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John H Terpstra wrote:
| OK - I'll try to answer this.
|
| Originally Windows networking used only NetBIOS over TCP/IP.

You said the 'N' wordI wonder if Chris will magically
appear.

| Browsing uses a complex interaction of name registration
| and resolution  involving UDP ports 137 and 138. Port 137
| is the NetBIOS Name Server port,  but it is also used to
| handle all browsing operations. Browsing is the
| ability to locate domains and machines over the network.

Not completely true. The NetServerEnum commands are CIFS/SMB ops.
(I know you just forgot this point).   The browsing election
and name resolution services are done via port 137 and 138
though.

| On Windows 200X clients, when NetBIOS over TCP/IP is disabled,
| and an attempt is made to join a domain, the client
| automatically tries to use the combination of DNS, Kerberos,
| LDAP and TCP port 445 services with the expectation that
| Microsoft Active Directory is being used. In order to remain
| backwards compatible, TCP port 139 can also be used.

Do you have traces of this?  When netbios is disabled, I've never
seen any related traffic on port 139.  That's kind of the point of
disabling netbios services.

| The mechanisms behind TCP ports 139 and 445 are very
| different. A connection made on port 445 must be able
| to resolve the fully qualified hostname using the
| protocols expected within ADS. That is, via DNS using
| SRV records as well as A records.

You're not limited to SRV and A records of course.  You just
need to resolve the name via DNS.  Or just use an IP address.

| Additionally, the client will try to use Kerberos information
| to contact the DNS server and the LDAP server.

This line is confusing, but I assume you mean looking up
the KDC and directory servers via SRV records.

| It expects to find SMB information in the Kerberos PAC
| (a data blob inside the Kerberos ticket that is unique
| to ADS's implementation).

Geeze I know I sound like Chris nowbut what is SMB
information?  Since this thread will undoubtedly be referred
to later on and for the sake of clarification

You mean the users SID and group membership.  that is
really irrelevant to the SMB protocol.  And is specific
to MS's security model (again I know you know this, but
not everyone does).

| With ADS browsing involves DNS, LDAP and Raw SMB traffic over
| ports 445 and 139. The client expects all the information
| that it wold obtain if it were a member of an ADS domain.

Again, you need to be clear on whether you are talking about browsing
the directory for the network.  Directory browsing is just LDAP search
requests.  Network browsing still requires netbios.

| Samba-3 can be a file and print server for Windows clients
| that have NetBIOS disabled - but some things may break.

Not true.  If you set 'disable netbios = yes' and don't
start nmbd, things should work just fine in a AD environment
with "security = ads".  if something doesn't work that should,
it is a bug.

| In short, NetBIOS-less SMB implies ADS. Samba-3 is not an
| ADS server. Ergo, NO ADS for all practical purposes means
| DOES NOT WORK.

Sorry John.  This is just wrong.  Samba as a member server
should be fine when you disable netbios.  Unless I just
don't understand what you are trying to say.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3UBIR7qMdg1EfYRAprUAJ0UQiV+pAVQ4KeU7aDeVBS1feUhMQCeNQ6Q
27UH2h6idiYfdMJuaA+iSso=
=mpim
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems setting up Samba+LDAP PDC in Debian Sarge

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chema wrote:
...
| From Samba 3.0.12, it is now possible for admin users
| to join computers to the domain without using
| the "root" account."
| ...
| In fact, the 'root' account is needed in the first place
| so that the SeXXX privileges can be set.>>

Actually, any members of the domain admins group (rid=512)
can assign and revoke privileges.

| Anyway, after fiddling around looking for clues, I
| found that I no longer can get my local sid:
|
| [2005/10/25 11:20:25, 0] utils/net.c:net_getlocalsid(494)
|  Can't fetch domain SID for name: SERVIDOR1-PDC

That would be a pretty big issue, but smbd should regenerate
a random SID on startup.


| [EMAIL PROTECTED]:~$ ldappasswd
| SASL/DIGEST-MD5 authentication started
| Please enter your password:
| ldap_sasl_interactive_bind_s: Internal (implementation
|specific) error (80)
|additional info: SASL(-13): user not found: no
|secret in database
|
| This produces the following sldap output:

| I have yet to enable TLS, so slapd shoulnd't be
| using SASL, right?

The StartTLS extended op and and SASL are independent things.








cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3F1IR7qMdg1EfYRAjt6AJ9sIdpo+soLfgq5avrpLmh1uEqGWgCfeXHX
SuLmVP8Ef113COsZL5SrMic=
=w2N4
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] new user can not login

[Niels Peuyn]

Hello,

OS: FreeBSD 4.11-RELEASE
Samba: Update from 2.2.5 to 3.0.20 (PDC)
Clients: WindowsXP SP2

I'm going to change the password backend. What I did is:

npy# pdbedit -i smbpasswd -e tdbsam

smb.conf:
---snip
[global]
   smb passwd file = /usr/local/lib/samba/private/smbpasswd
;   (I also tried "passdb.tdb" instead of "smbpasswd")

   passdb backend = tdbsam:/usr/local/lib/samba/private/passdb.tdb, smbpasswd
---snip

npy# pdbedit -a nholz
npy# grep -iac nholz /usr/local/lib/samba/private/passdb.tdb
2

Problem: new added users can not login to PDC
Error message (WinXP) : ... Please check user name or domain ...

Thanks in advance
Niels
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Enforce strong passwords?

[Andrew Bartlett]

On Tue, 2005-10-25 at 18:07 -0600, John H Terpstra wrote:
> On Tuesday 25 October 2005 17:58, Charles Marcus wrote:
> > Is there any way to do this with Samba and LDAP?
> >
> > What I'd like is to be able to, at a minimum, force minimum password
> > length, mixture of letters and numbers, and at least two 'special
> > characters'...
> >
> > Is this doable with Samba using LDAP for authentication? If not, is it
> > doable using other authentication means?
> 
> Yes, it can be done with Samba-3 using either the tdbsam or the ldapsam 
> passdb 
> backend. I would recommend that you use Samba-3.0.21 that will soon be 
> released as it has a number of refinements to assist in the implementation 
> and management of password controls.

See in particular

   check password script = /usr/local/bin/crackcheck
-d /usr/lib/cracklib_dict

(where crackcheck was compiled from the code in examples/auth in the
samba tarball).

This checks against cracklib, which is very painful, exactly the way you
want it to be :-)

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] usrmgr: group not found. (Partly SOLVED)

[Koenraad Lelong]

Koenraad Lelong schreef:

Koenraad Lelong schreef:


...

So I installed 3.0.20b and started from scratch, with the same problems.
I'm using the same scripts as in TOSHARG chapter 2, Domain Controller's
smb.conf.
Is no-one able to give me some hints how and where I should look ?

Regards,
Koenraad Lelong
ACE electronics.

Stupid me ! I executed my 'add user to group script' from the 
commandline, and it showed I had a wrong path : /usr/bin should be 
/usr/sbin/groupmod. That solved my problem about modifying groupmemberships.
BUT, remains the problem why uses can't belong to other groups than the 
mapped samba-groups. I modified /etc/default/useradd and removed the 
GROUPS entry, so new users in passwd are member of no other group than 
'users'. Now I can add and remove users and modify their group-memberships.

By the way, is there a log-file where I could have found this ?
Thanks for any help,
Regards,
Koenraad Lelong
ACE electronics
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Missing files from share with cifs

[Anna Foeglein]

Hi everyone,

since its upgrade yesterday, my laptop and desktop computers only see a small
portion of the files (about 500 of 2000) in one of the samba shares on my 
samba server.  They both miss the same files. There's no apparent system in 
what's missing, not date or alphabetic order or size anyway.

The technical details: 
Laptop runs Ubuntu Breezy, smbclient 3.0.14a-ubuntu, mount.cifs 1.6.,
Desktop the same.
Server (named blacky) runs Debian Sarge, smbd 3.0.14a-Debian.
The share is mounted in fstab with:
//192.168.1.31/music/media/blacky/music cifs 
   credentials=/root/.smbcredentials,uid=anna,gid=anna,rw,user
(in one line, of course.)

I couldn't find relevant information in any of the logs on server or clients
(syslog, messages, samba/log.).

Today I tried the solution to the timeout problem with smbfs (I used to have 
similar problems with smbfs between Linux  boxes which is why I use cifs) and 
with smbfs everything's ok. I guess mount.cifs has some problem?

Seen from Windows XP Prof, everything is working ok. 
Any ideas what's going on here? This happened to my Windows box once, it was
cacheing something, and a reboot sorted it out. This time rebooting didn't 
help.

Thanks for the attention,
Anna
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Possible Samba Memory Leak

[Stephen Borrill]

On Mon, 4 Jul 2005, Jeremy Allison wrote:

On Wed, Jun 29, 2005 at 08:19:18AM -0400, Anthony Russello wrote:


Hi Jeremy,

The same issue occurs when running samba 3.0.14a fresh
from samba.org.


As you're doing this on an embedded system as I recall you
might want to cut down on the stat cache (which can grow
unlimited on normal systems). To turn it off set :

stat cache = False

To limit the size set :

max stat cache size = XX

(where XX is in 1k units).


We have a similar problem at one site using a Fox Pro database. The sizes 
of the smbd processes continually increases until the server runs out of 
swap (3.0.14). We've mitigated this a little by getting them to all log 
off overnight and also restarting samba at 8am, but by mid-afternoon the 
problem usually re-occurs. The processes get up to 200MB or so if left 
unchecked. We've been running with "stat cache = no" for a while which has 
made no difference. The DBF files being used by the database (it uses some 
nasty file locking to spoof up a multi-user db) are up to around 90MB in 
size.


I cannot be certain, but I believe this problem has only recently started 
happening (perhaps with an upgrade from 3.0.10 to 3.0.14?).


Is there anything I can tweak?

--
Stephen

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba on NFS share with quota support

[bs]

Dear List,

How to get quota support on samba on the
NFS disk, right now i'm using XFS on the NFS and samba-3.0.20b

Thanks

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't open/create local group with usrmgr

[yaya]

Yes, I 'enable privileges = yes' in smb.conf.

[EMAIL PROTECTED] sbin]# ./smbldap-usermod -G +512 yaya
User "yaya" already member of the group "512".

..but
[EMAIL PROTECTED] sbin]# ldapsearch -x -D 
cn=Manager,dc=sma,dc=al-izhar-jkt,dc=sch,dc=id -W uid=yaya

...cutted
gidNumber: 513
sambaPrimaryGroupSID: S-1-5-21-2567078096-2875653774-645762936-513
...cutted

Should I set the 'gidNumber: 512 and the 'sambaPrimaryGroupSID: 
S-1-5-21-2567078096-2875653774-645762936-512' too?


[EMAIL PROTECTED] sbin]# net rpc rights list accounts
Password:
..cutted..
SMA\Domain Admins
SeMachineAccountPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
..cutted..

TiA,
yaya

- Original Message - 
From: "Jerome Tournier" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, October 26, 2005 2:32 PM
Subject: Re: [Samba] can't open/create local group with usrmgr


Le Wed, Oct 26, 2005 at 12:30:06PM +0700, yaya a ecrit:

When I do it as root, the usrmgr message:
The following error occured creating the local group Staffs:
Access is denied.
I installed Samba with ldap backend and applying IDEALX. I need to
create/manage users and groups with usrmgr.

Did you tried setting priviledge to the "Domain Admins" group (for example),
and then tried to use a member of this group ?
. smbldap-usermod -G +512 adminuser
. "enable privileges = yes" in smb.conf
. net -U root%XXX rpc rights grant 'SMB-DOM\Domain Admins' 
SeMachineAccountPrivilege

--
Jérôme


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] usrmgr: group not found.

[Eric A. Hall]

On 10/26/2005 3:43 AM, Koenraad Lelong wrote:

> So I installed 3.0.20b and started from scratch, with the same problems.
> I'm using the same scripts as in TOSHARG chapter 2, Domain Controller's
> smb.conf.
> Is no-one able to give me some hints how and where I should look ?

The only time I've run into this was with groups that were typically in
the built-in list, or with mapped nobody groups.

Does it happen for all users or just some of them?

Do you get the same problem with (eg) net group list member and other
similar commands?


-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] usrmgr: group not found.

[Koenraad Lelong]

Koenraad Lelong schreef:

Matthew Easton schreef:



On Oct 24, 2005, at 8:03 AM, Koenraad Lelong wrote:





I tried more things. I found that adding users made them member of a
number of Linux-groups (defined by /etc/default/useradd).



<>


If I remove the extra groups, leaving just the primary group of the  new
user (in Linux) then if I double click on the user and again just  click
on OK, this error message is gone.




So is this a problem on the Linux side?  You are trying to add a user  
to several groups and one or more of the groups does not exist.  When  
you add a user in samba, it creates the Linux user using the defaults  
in /etc/default/useradd... so you get the error message.


grep through /etc/group and see if the groups in fact exist.  If they  
do not, either change /etc/default/useradd, or create the necessary  
groups with /usr/sbin/groupadd


No, all the groups in /etc/default/useradd do exist.
I'm going to install 3.0.20b, and start from scratch. I'll keep in touch.

Regards,
Koenraad Lelong
ACE electronics.

So I installed 3.0.20b and started from scratch, with the same problems.
I'm using the same scripts as in TOSHARG chapter 2, Domain Controller's
smb.conf.
Is no-one able to give me some hints how and where I should look ?

Regards,
Koenraad Lelong
ACE electronics.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Share of NFS filesystem

[Ulrich Bernhard]

We have a samba share which is a NFS mounted filesystem with user quota. 
The samba server runs SuSE 9.2, the samba version is 3.0.20b. The 
filesystem is nfs mounted from a NetApp fileserver.


If a user on a windows (xp or 2k) client copies some files onto his 
samba share and needs more space than the quota allows, the copy 
operation ends without any error message! As I have seen in the samba 
server log, the server sends the error code 'NT_STATUS_DISK_FULL' during 
the close operation but it seems that windows is ignoring this error.


Is that a bug in our samba configuration or in the windows?

Thanks for any help or hint
Ulrich

--
 +---+
 | Ulrich Bernhard   |
 | Informatikdienste  Tel: (+41-44) 635 67 73|
 | Universitaet Zuerich   Fax: (+41-44) 635 45 05|
 | Winterthurerstr. 190  |
 | CH-8057 ZuerichEmail: [EMAIL PROTECTED] |
 | Switzerland   |
 +---+
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't open/create local group with usrmgr

[Jerome Tournier]

Le Wed, Oct 26, 2005 at 12:30:06PM +0700, yaya a ecrit:
> When I do it as root, the usrmgr message:
> The following error occured creating the local group Staffs:
> Access is denied.
> I installed Samba with ldap backend and applying IDEALX. I need to 
> create/manage users and groups with usrmgr.
Did you tried setting priviledge to the "Domain Admins" group (for example),
and then tried to use a member of this group ?
. smbldap-usermod -G +512 adminuser
. "enable privileges = yes" in smb.conf
. net -U root%XXX rpc rights grant 'SMB-DOM\Domain Admins' 
SeMachineAccountPrivilege
-- 
Jérôme

This email is solely intended to the addressees and contains confidential
information. Unless stated, the opinions and comments written down in this
document are the sender's property and not the official vision of our Group.
If you receive this email in error, please notify us by sending it back
immediately to the email address of the sender and then please delete it from
your own system. Please don't copy, use or forward the content of this document
and its attachments to another person for any reason.
Thank you for your understanding.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.14a-Debian, MySQL Backend, Migration Problem

[Collen Blijenberg]

This would be a nice feature for future releases of samba.

to be able to make a dump of your users/machine accounts.
let's say an import/export function of user & machine account..

it let's you migrate from differend passwd backend easely..
dunno just trying to help here, with some ideas..

Greets

Collen

Daniel Morlock wrote:

Hi,

I have an old system running Samba 3 with default passwd backend for about
30 users. Not I set up a new Samba 3.0.14a with mysql backend on another
machine. I'd like to migrate the users from old system to the new system! I
read through the official Samba HOWTOS and googled, but no useful concept of
migration found.

At the weekend I tested the following concept:

- Configure the new server as BDC for the old server
  => Join the domain: "net rpc join -S OLD_SERVER -w DOMNAME -U
Administrator%passwd"
  => Get the local SID with: "net rcp getsid"
  => Sync the old /var/lib/samba with the new /var/lib/samba
  => Sync the shared data and profiles
  => Sync /etc/passwd /etc/samba/smbpasswd /etc/group (Note: I decided to
set up a default passwd backend, and if this is running, I change to mysql
backend)

After I changed the smb.conf I restarted the servers and I become the
message from BDC: "become domain logon server for DOMAIN". The testparm
script tells me, that the smb.conf is set up correctly and it returns:
Server role: ROLE_DOMAIN_BDC.

A quick test was successful, I can login / logout from a domain user account
on a windows xp station. Now I want to deactivate the old server and login
with only the new server, so I shutdown the old server. A further login is
working, BUT:

I can login / logout without problems, so the authentification with BDC only
is working! But I get the windows error message, that the group and user
policies are wrong and therefore windows creates a new local profile.

So my questions:
- Have someone an idea to fix this problem?
- Make my concept sense or does someone has a better concept?

I hope you can help me with my problem.
Regards,

Daniel Morlock



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Authentication problem with Mysql backend

[Collen Blijenberg]

Whoh man...

did you create the unix user-account aswell ??

also try to change these settings:

-> encrypt passwords = YES
-> passdb backend = mysql:mysql
-> #mysql:username column = username:
-> #mysql:lanman pass column = lm_pw:
-> #mysql:nt pass column = nt_pw:
-> #mysql:plain pass column = plain_pw:
-> #mysql:unknown_3 column = NULL

also what version of samba do you use ??



Rodrigo De la Pena wrote:

hi,

/
i'm trying to configure samba with the mysql backend but it doesn't
work. my smb.conf file is this:
/
#BOF
[global]
security = user
workgroup = CABRERA
encrypt passwords = no
;passdb backend = mysql:/usr/local/samba/lib/pdb/mysql.so
passdb backend = mysql:mysql
mysql:mysql host = localhost
mysql:mysql user = samba
mysql:mysql password = abmas
mysql:mysql database = samba
mysql:mysql table = user

mysql:username column = username:
mysql:lanman pass column = lm_pw:
mysql:nt pass column = nt_pw:
;mysql:plain pass column = plain_pw:
mysql:unknown_3 column = NULL

#EOF

/
when i run smbclient it fails
/

[EMAIL PROTECTED] ~]# smbclient  //localhost/rodelapena -U rodelapena -d 10
/
the dir exists in the route showed up. //home2/rodelapena/


i don't know what is going on, the pdbedit command fails when i try to
create an user but doesn't when i update it.

I'm very new in samba, if you can help me with this problem i'll thank
you ever.

Thanks a lot.
/






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba